Forum Discussion

Vivek_Padale_16

Nimbostratus

Jul 26, 2014

iRule for ASM

Is there any iRule for allowing SQL injection and XML tagging in ASM for a specific url

Employee

Jul 31, 2014

Hi Vivek, you mean unblock ?

Sorry about that my response was not quiet so clear. here is the correct irule if you want to unblock SQL injection on you page, try to respect line feed (not easy with copy and past) and you need to activate in the ASM policy, advance menu, the option called "Trigger ASM iRule Events" otherwise the event ASM_REQUEST_DONE will never match.

To be clear this irule is unbloking ASM when SQL Injection is detected (and only this violation that is why you have a <2) on your uri /myblock.

when ASM_REQUEST_DONE {

if { [HTTP::uri] equals "/myblock" && [ASM::violation count] < 2 } { 
    if { [ASM::violation attack_types] equals "ATTACK_TYPE_SQL_INJECTION"} { 
        ASM::unblock 
    } 
} else { 
     More than one violation, too dangerous to Unblock return 

} 
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)