Forum Discussion

D99's avatar
D99
Icon for Cirrus rankCirrus
Nov 07, 2021

Exclude WAF for a particular URI

Hi Experts,

 

I have a requirement to exclude WAF for all URI's that include api/mobile. WAF should function normally for other URL/URI's

 

Any guidelines on how to achieve this via HTTP policy or irules.

  • Hi Danish,

    I think you could achieve your goal with Local Traffic Policy for ASM. This KB article will provide guidance:

    https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/41.html

     

    I can imagine a simple policy like this:

     

    Match all of the following conditions:

    HTTP URI path contains "api/mobile" at request time

    Do the following when the traffic is matched:

    Disable ASM at request time