Forum Discussion
Vivek_Padale_16
Nimbostratus
Jul 26, 2014iRule for ASM
Is there any iRule for allowing SQL injection and XML tagging in ASM for a specific url
Arnaud_Lemaire
Employee
Jul 31, 2014Hi Vivek, you mean unblock ?
Sorry about that my response was not quiet so clear. here is the correct irule if you want to unblock SQL injection on you page, try to respect line feed (not easy with copy and past) and you need to activate in the ASM policy, advance menu, the option called "Trigger ASM iRule Events" otherwise the event ASM_REQUEST_DONE will never match.
To be clear this irule is unbloking ASM when SQL Injection is detected (and only this violation that is why you have a <2) on your uri /myblock.
when ASM_REQUEST_DONE {
if { [HTTP::uri] equals "/myblock" && [ASM::violation count] < 2 } {
if { [ASM::violation attack_types] equals "ATTACK_TYPE_SQL_INJECTION"} {
ASM::unblock
}
} else {
More than one violation, too dangerous to Unblock return
}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects