Forum Discussion

Cirrus

Aug 12, 2021

Bypassing ASM on HTTP response

Is it possible to prevent ASM from blocking responses when there's a specific HTTP header present in the HTTP response? Let's say we block responses with HTTP status code 500 by default in our securi...

Aug 13, 2021

Try with an iRule. use appropriate asm policy name.

Use logging to see if condition is getting triggered and then it can be disabled.

when HTTP_RESPONSE  {
ASM::enable "/common/asm_policy"
if { ([HTTP::status] == 500) and ([HTTP::header value Content-Type] eq "application/problem-handled-return-to-client") }{
log local0.info "disable asm"
ASM::disable
return
   }
}

spalande

Nacreous

Aug 13, 2021

Try with an iRule. use appropriate asm policy name.

Use logging to see if condition is getting triggered and then it can be disabled.

when HTTP_RESPONSE  {
ASM::enable "/common/asm_policy"
if { ([HTTP::status] == 500) and ([HTTP::header value Content-Type] eq "application/problem-handled-return-to-client") }{
log local0.info "disable asm"
ASM::disable
return
   }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Bypassing ASM on HTTP response

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

F5 apm ACL ACES bypassed

SRV record response to contain different priority response everytime

Parse username from server response

DNS Whitelist Responses

Http redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS