Forum Discussion

George_33482
Feb 05, 2014

ASM iRule events not being triggered

Hello, I have an ASM version 11.4.0 HF5. I have an issue that the ASM iRule event actions are not being triggered. Simple iRule: when ASM_REQUEST_BLOCKING { log local0. "test }.

 

Of course, the "Trigger ASM iRule Events" option has been selected in the security policy. When a violation occurs, the iRule is not triggered and there is no log in /var/log/ltm or /var/log/asm.

 

Any ideas!?!?!?!!? Help Please. Regards,

 

  • Hey, I have the same problem as you and I found the solution. You must activate the usage of iRule events in the ASM policy. The answer from the following thread has solved my problem. Now the iRule event ASM_REQUEST_BLOCKING will be executed. https://devcentral.f5.com/questions/where-in-f5-asm-do-i-enable-the-trigger-asm-irule-event-setting

     

  • when ASM_REQUEST_BLOCKING { log local0. "test" }

     

    You didn't close the quote after test in the example you posted above.

     

  • Syntax looks correct. Obvious questions, but I'll ask anyway. The iRule is applied to the virtual server in question, and your ASM policy is in blocking mode?

     

  • Yes, the policy is in blocking and I am generating blocked violations. The iRule with the ASM_REQUEST_BLOCKING event, bound to the VS, is not being triggered.

     

    When I tried to add HTTP_REQUEST in the same iRule and log something under this event, I can see logs being generated when this event fires.

     

    I am afraid I have to do something in the Local Traffic Policy... I don't know.

     

    • Cory_50405
      Yeah, ASM underwent some changes in v11.4. I can't seem to dig up exactly what changed from an iRule events perspective though. I'll keep looking around.
    • Mike_Maher
      What does the Local Traffic policy attached look like?
    • boneyard
      I pretty much did what you did and for me it works. Did you attach a logging profile? Can you create your own simple policy?
  • Yes, it is working for me after trying other violations. Actually, what I was trying to do is to test the information leakage (Data Guard): the page gets blocked and I can see the logs in the ASM event logs. But the iRule is not getting triggered. It seems that Data Guard does not use the event action "ASM_REQUEST_BLOCKING".

     

    Thanks,
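Added example, not part of the thread: a diagnostic iRule that logs from each ASM event available in v11.x, so that /var/log/ltm shows which event, if any, fires for a given violation (for instance a Data Guard block versus a request-side violation). ASM_REQUEST_VIOLATION, ASM_RESPONSE_VIOLATION and ASM::violation_data are standard iRule names that the thread itself does not mention; the log prefixes are arbitrary.

```tcl
# Diagnostic only: attach to the virtual server that has the ASM policy,
# with "Trigger ASM iRule Events" enabled in that policy.

when HTTP_REQUEST {
    # Baseline: confirms the iRule is attached and receiving traffic.
    log local0. "asm-diag HTTP_REQUEST uri=[HTTP::uri]"
}

when ASM_REQUEST_VIOLATION {
    # Fires when ASM finds a violation in the request.
    # ASM::violation_data returns a list: violation, support_id,
    # web_application, severity, source_ip, attack_type, request_status.
    set v [ASM::violation_data]
    log local0. "asm-diag ASM_REQUEST_VIOLATION violation=[lindex $v 0] support_id=[lindex $v 1] status=[lindex $v 6]"
}

when ASM_REQUEST_BLOCKING {
    # Fires when ASM is about to send the blocking response for a request.
    set v [ASM::violation_data]
    log local0. "asm-diag ASM_REQUEST_BLOCKING violation=[lindex $v 0] support_id=[lindex $v 1]"
}

when ASM_RESPONSE_VIOLATION {
    # Fires when ASM finds a violation in the server's response.
    set v [ASM::violation_data]
    log local0. "asm-diag ASM_RESPONSE_VIOLATION violation=[lindex $v 0] support_id=[lindex $v 1]"
}
```

Match the support_id in these log lines against the entry in the ASM event log to confirm which event corresponds to the blocked transaction.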