Forum Discussion
irule task conformation
- Dec 28, 2017
The iRules wiki documentation clearly states that when you call ASM::disable or ASM::enable, you enable or disable ASM for the ENTIRE connection, not just the request, UNTIL the opposite command is called. In that sense, your logic is valid and that is why you need the "else." That takes care of all 3 questions. Additionally, I'd check to see if ASM is already enabled when a request comes in that doesn't contain landing-page and issue a return command if it is.
Like this:
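when HTTP_REQUEST {
    if { [HTTP::uri] contains "landing-page" } {
        # Landing-page requests: turn ASM off for this connection
        ASM::disable
        log local0. "ASM disabled."
    } else {
        if { [POLICY::controls asm] == 1 } {
            # ASM is already enabled; nothing to do
            return
        } else {
            # Re-enable ASM, since an earlier ASM::disable persists on the connection
            ASM::enable /Common/myasmpol
            log local0. "ASM enabled. Current ASM policy is [ASM::policy]"
        }
    }
}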
As for whether it will work the way you expect it to, I can't say. I would suggest spinning up an internal test VIP with the same policy and pool and using a host file entry to test the behavior.
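The connection-wide behavior described in the post, as an added Python model that is not part of the original thread and is not F5 code. It assumes ASM state is a single per-connection flag that starts enabled; `rule_without_else`, the `Connection` class and the sample URIs are hypothetical and constructed for illustration.

```python
# Toy model (assumption): ASM state is a per-connection flag that persists
# across keep-alive requests until the opposite command runs, as the post says.
from dataclasses import dataclass


@dataclass
class Connection:
    asm_enabled: bool = True  # assumed default: a policy is attached to the VIP


def rule_without_else(conn, uri):
    """Hypothetical variant: disables ASM on landing-page, never re-enables it."""
    if "landing-page" in uri:
        conn.asm_enabled = False      # models ASM::disable


def rule_with_else(conn, uri):
    """Mirrors the control flow of the iRule in the post."""
    if "landing-page" in uri:
        conn.asm_enabled = False      # models ASM::disable
    elif conn.asm_enabled:            # models [POLICY::controls asm] == 1
        return
    else:
        conn.asm_enabled = True       # models ASM::enable /Common/myasmpol


def replay(rule, uris):
    """Send every request over ONE connection; record whether ASM inspects it."""
    conn = Connection()
    result = []
    for uri in uris:
        rule(conn, uri)
        result.append((uri, conn.asm_enabled))
    return result


# Constructed keep-alive request sequence (not taken from the thread).
SAMPLE = ["/login", "/landing-page/promo", "/account/update", "/api/orders"]


def uninspected(rule, uris=SAMPLE):
    """URIs that reach the pool without ASM inspection under the given rule."""
    return [uri for uri, inspected in replay(rule, uris) if not inspected]


if __name__ == "__main__":
    for rule in (rule_without_else, rule_with_else):
        print(rule.__name__, "->", uninspected(rule))
```

Without the else branch, every request that follows a landing-page request on the same connection skips inspection; with it, only the landing-page request does.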
- cmard_195831 Dec 29, 2017
Nimbostratus
Thank you.
