For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Randy_Toombs_35's avatar
Randy_Toombs_35
Icon for Nimbostratus rankNimbostratus
Feb 08, 2019

Apply ASM policy through iRule

I know that I have asked questions about using iRules to apply ASM policies in the past, but I am running into some issues. Just some background, our Load Balancing team is telling us that they need...
ASM Advanced WAF
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 11, 2019

Hi Randy,

for Virtual Servers serving multiple Web Applications with dedicated ASM Policies, I'm going to assign a "DUMMY" ASM Policy (an ASM Policy which simply blocks everything).

Then I use the iRule below to switch between different ASM Policies based on a 

$variable
or disable ASM as needed. The 
$variable
can be 
set
or even become computed at the time you select the pool.

when HTTP_REQUEST priority 999 {
    if { ( [info exist ASM_Policy] )
     and ( $ASM_Policy ne "" ) } then {
        ASM::enable "/Common/$ASM_Policy"
    } else {
        ASM::disable    
    }
    unset -nocomplain ASM_Policy
}

The important point is, that your have to assign a ASM Policy to your Virtual Server, before you can select a ASM Policy or selectively disable ASM at all. The opposite direction won't work...

Cheers, Kai