Forum Discussion

Mrad_231364's avatar
Icon for Nimbostratus rankNimbostratus
Nov 02, 2017

Blocking URI



I need to block a URI /example.ashx?f=WXR&auser=1134


i created a custom violation called VIOLATION_FORBIDDEN and created the below iRule and apply it on the VS. But it is not working, and in the security event logs i am able to see this URI as legal request. But when i write in the iRule /example.ashx?f it is stopping it but other function on the applications are stopped too, so this is not a solution.


Any idea?


when HTTP_REQUEST { set reqBlock 0 if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=WXR&auser=1134")} { set reqBlock 1 } }


when ASM_REQUEST_DONE { if { $reqBlock == 1} { ASM::raise VIOLATION_FORBIDDEN } }


2 Replies

  • you are using

    string tolower
    but comparing it against a string that has upper case characters. Try changing to this:

    if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=wxr&auser=1134")} {

  • This is great and something I think I can use however I need help adding logic to allow the URI above if client IP is a private range. example 10.x.x.x/8 allow internal users to the URI, if not in range raise to violation forbidden? Any Suggestions?