Forum Discussion

Juan_106703's avatar
Juan_106703
Historic F5 Account
Feb 11, 2014

ASM Policy by Source IP (without using HTTP CLASS)

Hi Guys,

 

Looking for a way to enable an ASM Policy for connections from a specific Source IP address.

 

This was previously possible using the HTTP CLASS event; however I have not found a way to do this using the new Policy events that have replaced the CLASS events in recent versions (11.4.0+).

 

While the Policy options include several mechanisms; IP source address is not included.

 

Or is it possible to use ASM::enable in HTTP_REQUEST now?

 

Any suggestions appreciated.

 

Cheers

 

application delivery
ASM Advanced WAF
design
devops
iRules
policy
security

1 Reply

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Feb 11, 2014

    Maybe something like this:

    when HTTP_REQUEST {
    if { not ( [IP::client_addr] equals "10.80.0.1" ) } {
        ASM::disable
    }
}