Forum Discussion
ASM scenario - Shared Policy for Dozens of Virtual Servers
Hello Team,
Perhaps someone has a creative solution to my problem.
Question: What would be a good way to put an ASM Security Policy to Transparent Mode (for one Virtual Server). Consider the details below.
- Policy is shared; it's in use for many instances of the same service (applied to multiple Virtual Servers)
- Transparent Mode operation is temporarily required for one Virtual Server, whereas the Blocking Mode operation should remain for all the other Virtual Servers
- De-attaching the policy from a specific Virtual Server is forbidden; all logs, such as Manual Traffic Learning suggestions, must be preserved since there's a chance a Signature Update will be installed meanwhile.
I have a solution myself, but it involves a duplicate policy. Can the problem be solved without a duplicate policy, and without going the route of implementing a dedicated ASM Security Policy for every Virtual Server?
Regards,
3 Replies
- Tzoori_Tamam_95
Historic F5 Account
Hi Hannes,
I believe that currently your best option is to use ASM::unblock based on the Host header or Virtual server name.
In the near future ASM will allow better control over such use-cases, so stay tuned :)
- Hannes_Rapp
Nimbostratus
thx
Hi Hannes,
as already suggested by Tzoori the ASM::unblock command can be used to selectively overwrite your "Blocking Mode" policy to "Transparent Mode". The snippet below can be used as a starting point...

    when ASM_REQUEST_DONE {
        # Only touch requests the policy blocked, for one host,
        # and only when the client comes from an RFC 1918 range.
        if { ( [ASM::status] eq "blocked" )
         and ( [HTTP::host] equals "www.domain.de" )
         and (( [IP::addr [IP::client_addr] equals 10.0.0.0/8] )
           or ( [IP::addr [IP::client_addr] equals 172.16.0.0/12] )
           or ( [IP::addr [IP::client_addr] equals 192.168.0.0/16] )) } then {
            # Let the request through; the violation is still logged by ASM.
            ASM::unblock
        }
    }

Note: Keep in mind that you have to enable the post v11.5 iRule operation mode in your ASM policy, to trigger the ASM_REQUEST_DONE event.
Cheers, Kai
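
The other option named in the first reply, keying the override on the virtual server name instead of the Host header, could look like the following. This is an added example, not code posted by anyone in the thread. The virtual server path is a placeholder, and the sketch assumes that `virtual name` returns the full path including the partition and that the same iRule is attached to every virtual server sharing the policy.

```tcl
# Added example, not from the thread.
# "/Common/vs_app_transparent" is a placeholder: replace it with the full
# path of the one virtual server that should temporarily behave as if the
# shared policy were in Transparent Mode.
when RULE_INIT {
    set static::asm_transparent_vs "/Common/vs_app_transparent"
}

when ASM_REQUEST_DONE {
    # Only act on requests the shared policy decided to block.
    if { [ASM::status] ne "blocked" } {
        return
    }

    # Every other virtual server using the policy keeps Blocking Mode.
    if { [virtual name] ne $static::asm_transparent_vs } {
        return
    }

    # Write down what is being let through, so the temporary override
    # can be audited and correlated with the ASM request log.
    log local0.notice "ASM unblock on [virtual name]:\
        support_id=[ASM::support_id]\
        client=[ASM::client_ip]\
        violations=[ASM::violation names]"

    ASM::unblock
}
```

Because the policy stays attached and in Blocking Mode, its learning suggestions and request logs are preserved for all virtual servers; removing the iRule (or changing the placeholder) ends the override.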