Forum Discussion
m1k3_56519
Nimbostratus
Jan 21, 2009exclude some paths from signature based ASM
Hello guys,
is it possible to exclude some paths from signature based ASM? For example I've enabled the ASM module for the host www.asm.com and I would like to exclude the path www.asm...
Richard__Harlan
Apr 20, 2015Historic F5 Account
You are correct when putting Cookie and Source Persist together. If there is a persist record it will go to that server and cluster all the clients that share the same IP to the same server.
dragonflymr
Cirrostratus
Apr 20, 2015Thanks, good to have confirmation from experienced F5'ers
Piotr
- Apr 18, 2023
Hi nickamon,
I think multiple variable cannot be compare without using "or" in the expression. Using iRule can help.
- Add iRule event before Advanced Resource Assign.
- Compare user names with datagroup in the iRule.
- Set new variable by datagroup match in the iRule.
- Use the variable in Advanced Resource Assign Expression.
expr { [mcget {session.logon.last.usergroup}] equals "usergroup1" }
iRule:
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "usercheck" } { if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist1] } { ACCESS::session data set session.logon.last.usergroup "usergroup1" } elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist2] } { ACCESS::session data set session.logon.last.usergroup "usergroup2" } elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist3] } { ACCESS::session data set session.logon.last.usergroup "usergroup3" } else { ACCESS::session data set session.logon.last.usergroup "usergroup4" } } }
If you add the datagroup records as string-value(username-variable), you can use only one datagroup and simplify the iRule by assigning datagroup parameter's value to the variable.
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "usercheck" } { if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist] } { ACCESS::session data set session.logon.last.usergroup [class match -value [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist] } else { ACCESS::session data set session.logon.last.usergroup "nondatagroupuser" } } }