Forum Discussion
ASM allow specific url from outside country of geolocation ON
Team, we have an ASM policy in blocking mode and Geolocation is ON.
There is a requirement that we have to allow specific URLs for the country which is blocked by geolocation. How can we do this?
3 Replies
- deshantha
Employee
There is no procedure like "ASM::geo_disable" in current BIG-IP ASM implementations. The best way to handle this would be to create a cloned security policy with geolocation enforcement changed according to the requirement and use that for requests to the specific URL.
Example:
```
when HTTP_REQUEST {
    # Requests for the specific URL are handled by the cloned policy
    if { [string tolower [HTTP::path]] eq "/your-specific-url" } {
        ASM::enable /Common/policy_without_geolocation
    }
}
```
Alternatively, you can use an ltm traffic policy to achieve the same.
Example:
If you plan to use this:
You will first need to disable the application security policy from the virtual server's Security > Policies tab, as we will be manipulating the security policy manually using an ltm traffic policy later. This will also remove the automatically created asm_auto ltm traffic policy from the virtual server.
Once the newly created ltm policy with asm manipulation is attached to the virtual server, if you come back to this section, it will be reflected here.
Always try to use ltm traffic policies rather than an iRule whenever possible as iRules consume more resources. Hope this helps.
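The LTM traffic policy alternative described in the reply above, written in bigip.conf form as an added example (it is not the poster's configuration). The policy name asm_geo_exception, the rule names and /Common/policy_with_geolocation are assumptions; the default rule keeps the original geolocation-enforcing policy on every other path.

```tmsh
# Added example; all names except policy_without_geolocation are hypothetical.
ltm policy /Common/asm_geo_exception {
    controls { asm }
    requires { http }
    rules {
        geo_exempt_url {
            conditions {
                0 {
                    http-uri
                    path
                    values { /your-specific-url }
                }
            }
            actions {
                0 {
                    asm
                    enable
                    policy /Common/policy_without_geolocation
                }
            }
            ordinal 1
        }
        default {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/policy_with_geolocation
                }
            }
            ordinal 2
        }
    }
    strategy /Common/first-match
}
```

Keep the path condition an exact match: a prefix match would exempt every URL beneath it from geolocation enforcement.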
Hello Srj73,
As Mayur_Sutare said, you can do it with an iRule.
Try something like this:
```
when HTTP_REQUEST {
    # Look up the client's country from its source IP
    set client_country [whereis [IP::client_addr] country]
    switch -glob [HTTP::uri] {
        "/your/path/1" -
        "/your/path/2" {
            switch $client_country {
                "COUNTRY_CODE_1" -
                "COUNTRY_CODE_2" {
                    ASM::geo_disable
                    log local0. "GEO BYPASS: Country=$client_country URI=[HTTP::uri] IP=[IP::client_addr]"
                }
                default {}
            }
        }
        default {}
    }
}
```
Hi Srj73, I think you should be able to do this using an ASM events iRule.