SanYang
May 22, 2024
Solved

Can iRule forward request to pool after ASM block without ASM:unblock?

Hello expert,

I have written an iRule that, when blocked, forwards to other pools without any problems.
It is done!

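when ASM_REQUEST_DONE {
    # Act only on requests the ASM policy decided to block
    if { [ASM::status] equals "blocked" } {
        # Override the block so the request continues through LTM
        ASM::unblock
        # Rewrite the URI and send the request to the block-page pool
        HTTP::uri "/"
        pool pool_blockpage
    }
}

I'm asking if there is a way to have blocked traffic directed to another pool without unblocking it?

Any help is appreciated.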

  • Hi,

    As per the traffic flow design, this would not be possible. You can consider that the request goes through LTM (the VS), then ASM (the security policy), then LTM if not blocked for further processing including sending to the pool member. 

    So in your scenario the request won't be handed from ASM back to LTM since it will be blocked without further processing.

    See the image below for the flow details
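
The rule from the question, extended so that the override leaves an audit trail (an added example, not code from either poster or from F5): it logs the ASM support ID and violation names before calling ASM::unblock and hands the support ID to the block-page pool. The header name X-ASM-Support-ID is hypothetical, pool_blockpage is the pool from the question, and the security policy is assumed to have ASM iRule events enabled.

```tcl
when ASM_REQUEST_DONE {
    if { [ASM::status] equals "blocked" } {
        # Capture the verdict details before overriding the block
        set sid [ASM::support_id]
        set violations [ASM::violation names]

        # Local log record of every overridden block; the URI is truncated
        # so an oversized request cannot flood the log line
        log local0. "ASM block overridden: client=[IP::client_addr]\
            host=[HTTP::host] uri=[string range [HTTP::uri] 0 255]\
            support_id=$sid violations=$violations"

        # Hand the request back to LTM, as in the original rule
        ASM::unblock

        # "replace" overwrites any client-supplied header of the same name,
        # so the value seen by the block-page pool always comes from ASM
        # (hypothetical header name)
        HTTP::header replace "X-ASM-Support-ID" $sid

        # Drop the original URI and route to the block-page pool
        HTTP::uri "/"
        pool pool_blockpage
    }
}
```

Only the URI is rewritten here; the original headers and body of the unblocked request still reach pool_blockpage, so that pool should serve a static page and not process request input.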

     
