Country based ASM security policy
[ASM 11.5.1.HF4]
Hello,
I'm trying to setup ASM security policy based on client country geoip.
So my thoughts was to use the following iRule:
when HTTP_REQUEST {
HTTP::header remove "X-GEO-COUNTRY"
HTTP::header insert "X-GEO-COUNTRY" [string tolower [whereis [IP::remote_addr] country]]
}
It just add custom HTTP header containing geoip country information to request(Tested, works OK).
Then I put following rule to policy selection:
Conditions:
http-header all name X-GEO-COUNTRY not equals en
Actions:
asm enable policy not-en-policy
And finally I moved the (policy) rule before last rule which match all other traffic. Unfortunately it doesn't work. There are no invocations on this rule. The last rule has all invocations. I guess, it's because the iRule header is added too late, after policy selection. Right? I don't want to select security policy directly in iRule. Is there any easy solution for this?