Forum Discussion

Federico_Battag's avatar
Federico_Battag
Icon for Nimbostratus rankNimbostratus
May 22, 2013

disable ASM on a specific URL

  Hi all,   I'm sending this message to ask if someone can tell me a way to disable ASM checks (violations and signature) for a specific URL.     In particular, I have an application ...
app sec
BIG-IP Access Policy Manager (APM)
security
dichotomouse's avatar
dichotomouse
Icon for Nimbostratus rankNimbostratus
Feb 15, 2016

The best way I've found, after an F5 Tech Support call is the LTM Policy rules method described here: https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14709.html

 

Make sure that when you are done creating the rule, you click the 'ReOrder' button and move your new rule ABOVE the default ASM enable rule, otherwise it may not work depending on if you left it at 'first-match', 'best-match', or 'all-match' in the strategy field of the LTM policy.

 

We also used it to bypass ASM for large uploads and downloads. The difference in that case was we used the 'extension' selector for the request. The tricky part was finding out what our application was using for an extension in the request, it was not the expected file extension but instead '.download' was appended to the URI string. We were able to find that out using the developer tools in Firefox with a little Fiddler work thrown in. Once we added '.download' to the extension list in the rule conditions, it started working perfectly.

 

BTW: you can see if your new rule is working on the 'Statistics' tab in the LTM Policy screen.

 

Hope this helps someone!