For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sinistrad_29710's avatar
Sinistrad_29710
Icon for Nimbostratus rankNimbostratus
Oct 25, 2017

iRule disable ASM - Check

Hi F5 exeprts, Could you please help me writing URL for disabling ASM for a specific URL: test.com/Modules/CommentsandChanges/MyHoldManagement.aspx   Below the iRule I want to use:   when HTTP_...
iRules
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Oct 25, 2017

Hi Sinistrad,

 

your iRule looks fine for me. The only thing I would strongly recommend to change is:

 

After disabling ASM for a given Request-URI, you should make sure that ASM gets re-enabled for subsequent HTTP-Request send over the same TCP-Connection. If you don't re-enable ASM a skilled attacker may get notice of this bypass, request the bypassed URI and rigth after send abritary exploit code to other URIs over the same TCP connection without having the inspection of ASM in place...

 

when HTTP_REQUEST { 
    if { ( [HTTP::host] equals "test.com" ) 
     and ( [HTTP::path] equals "/Modules/CommentsandChanges/MyHoldManagement.aspx" ) } then { 
        ASM::disable 
    } else {
        ASM::enable "/Common/MyPolicy"
    }
}

Cheers, Kai