Filter Specific ajax requests under a URL and grant access accordingly

Question

Hi All,&nbsp;
I have special requirement for the ASM to check on "xyz" parameter and only grand access to the web server if the value of the parameter is mapmap or xy_get_data.&nbsp;
I created the parameter under parameters and linked it to the specific URL, enable blocking on the blocking page. However, i am not able to know where i can specify the values mapmap or xy_get_data.&nbsp;
Thanks in advance.&nbsp;
Regards&nbsp;
Hussein&nbsp;

arnaud_lemaire · Answer

Hello Hussein,&nbsp;
i'm not sure ASM is really able to do that. what you could implement :&nbsp;
a LTM policy to allow or reject based on the presence of this parameteran irule doing the same with the possibility to trigger an asm violation in this casea signature in ASM (but i'm not sure if with can implement negative matching)

samstep · Answer

If your parameter is only allowed to have two permitted values create it as a static parameter type in your policy and add your allowed values as static values. Make sure "Allow Empty Value" is un-ticked. Make sure your policy is blocking on violation: "Illegal static parameter value" .&nbsp;
That's it!&nbsp;

Forum Discussion

Filter Specific ajax requests under a URL and grant access accordingly

2 Replies

Recent Discussions

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Related Content

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

F5 AWAF - bypass request based on the pressence of a request header - value

check the utilization on specific node

Load balancing method specific decision