Forum Discussion

Nimbostratus

Apr 23, 2019

iRule disable ASM and close TCP connection

I'm referring to example 1 on https://devcentral.f5.com/wiki/irules.asm__disable.ashx This lets me disable ASM when a certain condition, e.g. a HTTP::path matches. But the documentation also state...

MVP

Apr 24, 2019

Hi Lopf,

But the documentation also states, that ASM is then disabled for the "duration of the TCP connection or until ASM::enable is called."

You can pretty much ignore the (slightly outdated) documentation. The mentioned statement was true at the time HTTP-Class was used to assign ASM Policies.

Since v11.4 LTM Policies are used to enable an assign a given ASM Policy. The LTM Policies are operating on a per-request level and therefor revert your

ASM::disable

command and reselect the default ASM Policy on the very next request of the same underlying TCP connection.

when HTTP_REQUEST { 
    if { [HTTP::path] contains "/.well-known/acme-challenge/" } { 
        ASM::disable
    } else {
         You don't have to care about re-enabling ASM. Your LTM Policy already did that...
    }
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule disable ASM and close TCP connection

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

iRules: Disabling Event Processing

Advanced iRules: Sideband Connections

iRules LX Sideband Connection

iRules LX Sideband Connection - Handling timeouts

Disabling signature for a URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS