For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lopf's avatar
Lopf
Icon for Nimbostratus rankNimbostratus
Apr 23, 2019

iRule disable ASM and close TCP connection

I'm referring to example 1 on https://devcentral.f5.com/wiki/irules.asm__disable.ashx This lets me disable ASM when a certain condition, e.g. a HTTP::path matches. But the documentation also state...
ASM Advanced WAF
iRules
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 23, 2019

Hi,

 

I strongly advise you to use the LTM policy function to disable asm for specific path. it's easier to use, more optimized and more secure. let me explain.

 

Every request are evaluate unlike irule that manages access by connection (each request it's like a new connection):

 

for more info:

 

https://devcentral.f5.com/questions/advantages-of-local-traffic-policies-vs-irules

 

So you can achieve your need using ltm POLICIES: Local Traffic ›› Policies : Policy List

 

let me know if you need more details.

 

regards,