For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andrew_Lagomar1's avatar
Andrew_Lagomar1
Icon for Nimbostratus rankNimbostratus
May 29, 2018

Can non-http pass through ASM without being dropped?

Will an ASM allow non-http traffic to pass through it? Is there an option or setting that will allow it?   We are setting up an inspection zone for our external web apps, but we do have occasional...
application delivery
ASM Advanced WAF
LTM
security
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
May 30, 2018

ASM won't just pass through the traffic if it isn't HTTP - it will inspect it and block on HTTP non-compliance.

 

You can add a profile/irule to disable the ASM policy for non-HTTP traffic, but that is only of value for things like websockets or RPC-over-HTTP where you also have normal HTTP traffic to inspect.

 

Do yourself a favour and only apply ASM policies to HTTP virtuals.