Forum Discussion
iRule for ASM
Here is an example unblocking login.php for the violation that you need to modify. Please do use logging to find your correct violation name.
Requires 11.5.1.

    when ASM_REQUEST_DONE {
        set x [ASM::violation_data]
        set uri [HTTP::uri]
        # Log the violation data for every request so the correct violation name can be found
        log local0. "->Event-Tracer $uri [ASM::violation count] [IP::client_addr]:[TCP::remote_port] $x"
        if { $uri equals "/login.php" && [ASM::violation count] < 2 } {
            log local0. "Violation: [ASM::violation attack_types]"
            # Unblock only when the attack type matches the Disabled_Sig data group
            if { [class match [ASM::violation attack_types] equals Disabled_Sig] } {
                ASM::unblock
            }
        } else {
            # Different URI or more than one violation: too dangerous to unblock
            return
        }
    }