ASM unauthenticated URLs with login enforcement

Question

Hi,
I am look for away to allow some unauthenticated access for css etc. under a path that has login enforcement enabled on it. &nbsp;
eg.&nbsp;
/site/login.aspx
/site/logout.aspx
/site/content/*
/site/scripts/*
/site/images/*
/site/other_urls_I_want_to_protect_a.aspx
/site/other_urls_I_want_to_protect_b.aspx 
/site/other_urls_I_want_to_protect_c.aspx 
/site/other_urls_I_want_to_protect_d.aspx 
/site/other_urls_I_want_to_protect_e.aspx&nbsp;
/site/ ( and so one )&nbsp;
So currently I have the login page configure as /site/login.aspx, with authenticated access required for /site/* and a logout page configured as  /site/logout.aspx&nbsp;
But the login page need to load a lot of resource from  /content/, /scripts/ and /images/. &nbsp;
But ASM is going its job and blocking them.&nbsp;
Where/how can I create a list of file/paths that are unauthenticated access too.&nbsp;
Lachlan&nbsp;

david_martin · Answer

This is and old post but hope it helps other people.&nbsp;
To exclude the urls referred by your login page you can add them one by one to the login pages with no-authenticated type and a fake status code (asm force to write down some data).&nbsp;
This pages will not trigger login bypass violations and will not authenticate the user. &nbsp;

Forum Discussion

ASM unauthenticated URLs with login enforcement

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

BoT Defense Profile, Signature Enforcement

Insufficient permissions BIG-IQ login error

unauthenticated or authenticated FTP proxy

DevCentral to Require Multi-Factor Authentication for Account Login from September 26