Why can't I be intercepted on Awaf by configuring Request Content AND does not contain string? What's the reason?

Question

Why can't I be intercepted on Awaf by configuring Request Content AND does not contain string? What's the reason?&nbsp;

samstep · Answer

It looks like your requirement is to allow only two URLs in your ASM policy to protect an API, however what you are trying to do is to write a an attack signature which will block all requests and only allow API ones. This is inefficient and difficult to configure and debug as you may have noticed.&nbsp;
A better and cleaner approach would be to simply create those two API URLs (ending *r_code and *r_key) as the only allowed URLs in the policy (e.g. delete the * wildcard) and make sure that 'Illegal URL' is set to 'Block' - that's it! All other requests will be blocked automatically without a need to write and maintain custom Attack Signatures.&nbsp;

Forum Discussion

Why can't I be intercepted on Awaf by configuring Request Content AND does not contain string? What's the reason?

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

Distributed caching of authentication requests with NGINX Ingress Controller

DNS Interception: Protecting the Client

Logging DNS Requests

Certificate Expiry Email alert configuration