Forum Discussion
NimbostratusASM Over iRule
hi,
i have a standard virtual server with an http profile assigned, no pool or nodes only irule.
the client sends http request and the irule parses the request and sends a response. (my irule fires with the event of HTTP_REQUEST)
when i tried to assign an ASM policy to this virtual server i dont see any requests in the application "all requests" log.
of course the application logging is set to log all requests and the logging profile is assigned to the virtual server.
does the ASM only receives the traffic leaving the virtual server towards a node?
how can i enforce ASM Policy on the requests hitting my irule?
thank you.
2 Replies
Kevin_Davies_40Nacreous
ASM protects an application. The application and associated virtual server must be in working order before attaching a policy. I see why you are asking the question but without a working application the behaviour is unknown.
Hannes_Rapp"the client sends http request and the irule parses the request and sends a response. (my irule fires with the event of HTTP_REQUEST)"
The reason you don't see any logs in ASM is because ASM security checks are not processed. You are intercepting the request with a response triggered from your iRule.
By minimum, you will have to add a dummy pool to your virtual server without a health-check to circumvent the LB_FAILED event. Also, any iRule "HTTP::respond" functions must be commented out.
In case of a HTTP response which is triggered from F5, the request handling will be isolated to LTM, and the ASM module will not come into play at all. This applies even if you have correctly configured ASM policy and the logging profile.
