For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

S_L_V_Ramana_T's avatar
S_L_V_Ramana_T
Icon for Nimbostratus rankNimbostratus
Jan 21, 2019

ASM policy block mode for one particular source IP address and remaining IPs ASM should be in transparent.

Created two ASM policies for one virtual server and configured below iRule for traffic routing. Kindly check and let me know if any issue in the iRule and also I want to forward the logs to remote rs...
iRules
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Jan 21, 2019

for traffic routing it is much better and easier to use the local traffic policy instead of an iRule.

 

If you need different blocking behaviour for just 1 IP address you are doing it wrong - maintaining 2 identical policies is a massive overhead - use Trusted IP address feature instead: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/24.htmlunique_418795504

 

For remote logging simply configure the remote logging profile in your policy, here's the ASM manual chapter describing how to do this:

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/14.htmltaskid