Forum Discussion
Victor_Soares
Nimbostratus
Both of the alerts are matching at the img tag: src/dynsrc/lowsrc (Parameter) signature in /wp-admin/* path
spalande
Apr 13, 2021Nacreous
well, it's not getting blocked because you have not allowed the URL.
It's getting blocked because of the ASM signature triggered or HTTP compliance setting (I still can't see the exact reason as you have not shared it). But either way you would need to fine tune the ASM policy further to allow this request.
If you want to completely disable ASM inspection on this path, you can create LTM policy and disable ASM for this path or iRule as below. But the recommended way would be to fine tune ASM policy in learning mode and whitelist the signatures as required on that path
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/wp-admin*"
{
ASM::disable
} default {
return
}
}
}