F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Hussein_Ghazy's avatar
Hussein_Ghazy
Icon for Nimbostratus rankNimbostratus
Nov 11, 2014

Bypassing ASM measures to allow a vulnerability Scanners

Hi All,   The Websites are protected with ASM policies and we planning to start doing frequent PenTesting.   I will add the IP Address of the PenTester to the IP Address Exception under each AS...
ASM Advanced WAF
security
David_Stout's avatar
David_Stout
Icon for Nimbostratus rankNimbostratus
Nov 11, 2014

You might find this iRule handy 🙂

when HTTP_CLASS_SELECTED {

 Disable ASM if client is on a specific network address range

if { [IP::addr [IP::client_addr]/32 equals x.x.x.x] } {
         ASM::disable
   } elseif  { [IP::addr [IP::client_addr]/26 equals x.x.x.x] } {
         ASM::disable
   } else {
       ASM::enable
   }


 Save a copy of the URI in lowercase for multiple tests

   set test_uri [string tolower [HTTP::uri]]

 Disable ASM for specific URI  

    if { $test_uri contains "/upload" } {
           ASM::disable
    } elseif { $test_uri contains "/test" } {
           ASM::disable
    } elseif { $test_uri contains "/microsoft" } {
           ASM::disable
    } else {
           ASM::enable
    }

 Verify method is POST bypass ASM

   if { ([HTTP::method] eq "POST")}{
      ASM::disable
   }
}