Forum Discussion
nirsham_178691
Mar 31, 2015
Nimbostratus
IP Address Exception in ASM
Hi,
Is there a way to create an IP ADDRESS exception per ASM signature?
The IP Address exceptions list is too general for all ASM protections. I need something more specific.
I know...
Hannes_Rapp
Nimbostratus
As far as I'm aware, the closest option you have in the GUI is creating an IP address exception (linked to a particular ASM policy). If you want something more granular (an exception linked to a specific signature ID), it can be done using iRules only.
A single IP and signature:
when ASM_REQUEST_DONE {
    # Lift the block only for this client IP and this signature ID
    if { ([IP::client_addr] == "My-IP-Address") && ([ASM::violation details] contains "My-Signature-ID") } {
        ASM::unblock
        log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
    }
}
Multiple IP addresses and multiple signatures:
when ASM_REQUEST_DONE {
    # Client IP must be in the address data group and the violation
    # details must match an entry in the signature-ID data group
    if { ([class match [IP::client_addr] equals "data-group-ip-address-list"]) && ([class match [ASM::violation details] contains "data-group-signature-ids"]) } {
        log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
        ASM::unblock
    }
}
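A stricter variant of the data-group iRule above, as an added example that is not part of the original post: it lifts the block only when every signature reported for the request is in the exception list and no other violation type fired. The data group names are the placeholders from the post; the `{key value}` layout of `ASM::violation details` and the `sig_data.sig_id` key are assumptions to verify on your TMOS version.

```tcl
when ASM_REQUEST_DONE {
    # Only clients in the address data group are eligible for the exception.
    if { ![class match [IP::client_addr] equals data-group-ip-address-list] } {
        return
    }
    # Keep the block if more than one violation type fired. With exactly one
    # type and at least one signature ID in the details (checked below),
    # that single type is the attack-signature violation.
    if { [llength [ASM::violation names]] != 1 } {
        return
    }
    # Collect every signature ID reported for this request.
    # Assumed layout: each element is {key value}, IDs under sig_data.sig_id.
    set sig_ids {}
    foreach pair [ASM::violation details] {
        if { [lindex $pair 0] eq "sig_data.sig_id" } {
            lappend sig_ids [lindex $pair 1]
        }
    }
    if { [llength $sig_ids] == 0 } {
        return
    }
    # One signature outside the exception list keeps the request blocked.
    foreach id $sig_ids {
        if { ![class match $id equals data-group-signature-ids] } {
            log local0. "Kept block for [IP::client_addr]: signature $id not excepted"
            return
        }
    }
    log local0. "Unblocked [IP::client_addr] for signatures: [join $sig_ids ,]"
    ASM::unblock
}
```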
nirsham_178691
Mar 31, 2015
Nimbostratus
Ok,
thanks. I'll give it a go.
Regards,
Nir