Forum Discussion
sys-team_172267
Nimbostratus
NimbostratusASM disable and log requests
Hello,
After i disabled ASM by iRule (ASM::disable) i still should see requests under "Event Logs-->Application-->Requests?
i build iRule that recognized specific URL path and disabled ASM for t...
I just tested this on 12.0 with a fairly basic configuration; HTTP VS, Log All Requests logging profile attached, ASM policy set to block for the 'curl' user agent and a test request.
Once I added the iRule my request was no longer blocked and I no longer saw a log entry in the logging profile.
Your test implies the request is, indeed, being processed via the ASM module. What iRule event are you using ASM::disable in? I tested with HTTP_REQUEST.
sys-team_172267Thank you guys for you help, this is my iRule: when ASM_REQUEST_DONE { set x [ASM::violation_data] if {([lindex $x 0] contains "VIOLATION_CHAR_CONV")&&([HTTP::path] equals "/request")} { log local0. "VIOLATION_CHAR_CONV detected" ASM::disable } } Unfortunately, I still see the requests log. I am sure that the iRule works because I also get log in "log local0. "VIOLATION_CHAR_CONV detected" Thank you.- The problem you have here is that ASM_REQUEST_DONE is too late in the process to disable ASM; it has already processed the request and made the decision not to send it on to the origin web server. If the end game is granular control of the blocking mask on a per-URL basis then I think the best route forward would be separate policies and use the Local Traffic Policy to direct traffic to one or the other.
