Limiting http methods to specific URLs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Limiting http methods to specific URLs

L0 Member

Has anyone had luck limiting http methods like PUT to limited URLs? For example, limiting a PUT to https://www.foo.com/ but not to https://www.foo.com/folder1 ? I've created a custom vulnerability that allows the http-method (http-req-header length > 0 which http-method=PUT) in a custom vulnerability but I am having trouble limiting it to the host only portion or the URL/URI. Not sure if this should be further defined in the custom vulnerability, URL category, or just as an fqdn address object? I am trying to think that if I have a use case in the future to allow to https://www.foo.com/folder2 but not https://www.foo.com/folder2/uploads would it be the same solution?

3 REPLIES 3

L7 Applicator

You should try using a targeted security policy with a Custom URL entry to match the URN of interest in the Service/URL Category tab of the Security Policy Rule. You will then apply the restrictive Vulnerability Protection Profile with an Exception set to block on your Custom Vulnerability Signature. Note that given that these are HTTP(S) resources, this is dependent on successful TLS decryption.

Thanks, any idea what the terminating character for the custom URL would be? For instance, how would one limit to only the top level meaning example.com but not grant access to example.com/file1, example.com/cgi-bin, or example.com/*

you can block a single URL if you use a literal URL for the policy and no special characters such as asterisk tailing the string, so just put in example.com/ and no "*" at the end.

  • 3730 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!