Forum Discussion

maurox_59221's avatar
maurox_59221
Icon for Nimbostratus rankNimbostratus
Jun 22, 2012

Bypass ASM

Hi all,

 

I'm searching the best way to bypass the ASM (enabled only for the geoloaction block) for some specif IP adress.

 

I've tryed using a specific http profile , adding these IP to the list "Host List" and after I've associated this profile to a policy in transparent mode.After I've added (as the first , the deault profile -in "block mode" - is the secondary)this profile to the http class profile.

 

But it semms that this configuration doesn't work. My requests from the whitelisted IP are blocked.

 

Maybe someone has already implemented and tested an Irule for this?

 

best regards,

 

maurox

 

  • You can create a data group list called asm_whitelist with the IP addresses contained in it, and use the following iRule:

    
    when HTTP_CLASS_SELECTED {
      ASM::enable
      if { [class match [IP::client_addr] equals asm_whitelist] } {
        ASM::disable
      }
    }
    

    Regards,

    Eric
  • Eric,

     

    it works! many thanks! The strange thing is that the "ignored Ip adresses" on ASM doesn't work if youdon't have the policy building enabled...

     

    best regards,

     

    maurox