Hi,
Thanks for your answer.
> Can you add a log action, with that we will know if it's matched or not.
I added log action and it's never matched(regardless the country code provided in the rule). It's same as rule invocation statistics. Strange thing is, when I change Condition from:
http-header all name X-GEO-COUNTRY not equals en (Value can be missing:true)
to
http-header all name X-GEO-COUNTRY not contains en (Value can be missing:true)
then it's always matched(again regardless the country code provided).
And finally also when 'Value can be missing' is not set, the results above are completely negated.
>Also can you paste your policy configuration here ?
I'm not sure if this is what you asked for:
Strategy: first-match
Requires: http
Controls: asm
Rules:
rule1: "http-uri path starts-with /something1/" "asm enable policy /partition1/policy1"
rule2: "http-uri path starts-with /something2/" "asm enable policy /partition1/policy2"
rule3: "http-header all name X-GEO-COUNTRY not equals en (value can be missing:true)" "asm enable policy /partition1/untrusted-countries-policy"
rule4: "" "asm enable policy /partition1/trusted-countries-policy"
Rule1 and rule2 works OK. For other traffic always only one rule is matched for all requests: rule3 or rule4 depending on equals/contains or value can/can't be missing condition.
And iRule works OK, i.e. this is from HTTP Request logged by ASM:
X-GEO-COUNTRY: us