Forum Discussion

Nimbostratus

May 25, 2017

iRule to allow IP address that is being blocked by ASM Geo-location policy

We have an ASM security policy configured on our public facing Virtual Servers. We also enforce blocking access from countries that we do not allow in our Geo-Location policy. I am looking to allow...

application delivery

ASM Advanced WAF

David_Holmes_12

Historic F5 Account

Jun 06, 2018

Re the update from 28-March. Wouldn't this iRule fail?

The first violation would always be "ILLEGAL_GEOLOCATION". ASM::unblock would then turn off ASM for the session. No other violations would be seen. So if the second request contained an SQL injection, it wouldn't be seen because ASM was now being bypassed?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to allow IP address that is being blocked by ASM Geo-location policy

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

Failed to set RDP launch token timeout

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

Related Content

How can I achieve automatic update of the IP Geo Location database?

Blocking Traffic based on Geo Location

Bash Script for automatically downloading, copying and updating LatLong geo location files from Digital Element

Block IP Addresses With Data Group And Log Requests On ASM Event Log

CSV to Address External Datagroup File

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS