Forum Discussion

Rich_L's avatar
Rich_L
Icon for Nimbostratus rankNimbostratus
May 25, 2017

iRule to allow IP address that is being blocked by ASM Geo-location policy

We have an ASM security policy configured on our public facing Virtual Servers. We also enforce blocking access from countries that we do not allow in our Geo-Location policy. I am looking to allow...
application delivery
ASM Advanced WAF
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Mar 28, 2018

Hi,

Did you tried in this way? 

when ASM_REQUEST_DONE {
    if { [ASM::status] eq "blocked" } {
        if { [IP::client_addr] == "123.456.789.101" && [ASM::violation names] eq "VIOLATION_ILLEGAL_GEOLOCATION" }{
            log local0. "[ASM::violation_data]. unblocked for [IP::client_addr]"
            ASM::unblock
        }
    }
}

So, requests from that origin that contains only geolocation violation will be ignored.

Regards.