For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sys-team_172267's avatar
sys-team_172267
Icon for Nimbostratus rankNimbostratus
Jun 27, 2016

ASM disable and log requests

Hello,   After i disabled ASM by iRule (ASM::disable) i still should see requests under "Event Logs-->Application-->Requests? i build iRule that recognized specific URL path and disabled ASM for t...
ASM Advanced WAF
devops
LTM
security
Jinshu's avatar
Jinshu
Icon for Cirrus rankCirrus
Jul 04, 2016

Hi Mate,

You can block ASM check in two different ways. Either do it via an Irule or through GUI (LTM policy).

If you prefer Irule, try below one.

when HTTP_CLASS_SELECTED { 
ASM::enable 
if { [HTTP::uri] starts_with "/uri" } { 
ASM::disable 
} 
}

Your irule is working but you have allowed ASM to create a Violation and thats why it is notofying you as an event.

If you prefer LTM policy, remove the Irule and configure policy as mentioned below.

Local Traffic > Policies > asm_l7_policy_whatever.website.com > under Rules click on Add, give it a name, like policy_whitelist, operand: http-uri (leave rest of fields default) > condition: choose equals/contains/etc, value = your URI, click add, then click the Add further down where operand/event/etc is located.

In the Actions area, target > asm, action > disable. Click Add where target/event/etc are. and Finished.

Then once back at the main policy page, do a re-order and move the policy_whitelist you created above default, so it will disable on the URI string prior to hitting the default ASM enable.. once you done this once or twice, pretty simple and can be used a lot.

Hope this helps.