Forum Discussion

Altostratus

Jul 07, 2009

Choosing WAF and SSL offload via Irules

Hello, here is what we are trying to perform: We want that the internal request go to the ASM. So the BigIP VIP has an sslprofile, perform the ssl offload, goes in the Irule and is anal...

Cirrostratus

Jul 07, 2009

Hi Adrien,

In 10.0.1 (not 10.0.0) you can enable/disable ASM on a connection using ASM::enable / disable. See SOL10128 for details (Click here).

You'll need to use SSL::disable and HTTP::disable in the CLIENT_ACCEPTED event once you've determined that the client IP address should not go to ASM. Once you do that, I don't think you actually need to disable ASM as the request won't be decrypted or parsed as HTTP.

I haven't tried this yet on 10.0.1 though, so can you try this and reply with the result?

Thanks,

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Choosing WAF and SSL offload via Irules

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Choosing an Instance for F5 BIG-IP in AWS

FTPS Offload via iRules

Choose Your Operator Wisely

SSL Offloading and Backend pool https

HTTPS offload rewriting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS