Forum Discussion
CirrusLocal Traffic Policy rule or irule to bypass the BIG-IP ASM
You can go by this:
So first I select every Host that does not need ASM and any other Host gets ASM enabled.
But you can do something like this also:And for those two conditions I have selected "skip this condition if its missing from request"
MVPHi,
you can choose what ever suits your case. I did it this way:
LTM Policy for activating ASM. This policy is on every virtual server with one rule
"Activate ASM" but with two other conditions
IF NOT HOST XYZ.com
or
IF NOT URI Full String /abc/123.html
CirrusHi,
Can you share a sample LTM rule or irule for the above requirement.
- P_Kueppers
You can go by this:
So first I select every Host that does not need ASM and any other Host gets ASM enabled.
But you can do something like this also:And for those two conditions I have selected "skip this condition if its missing from request"
- CHRISTY_THOMAS
Hi,
Thank you ,
I have created the LTM rule that you have shared. and also i have created a iRule also: The irule worked.
Is there any possibility of fine-tuning the following iRule with a header name condition in addition to the URL? Can you help me with this?
when HTTP_REQUEST {
if {[HTTP::uri] contains "/sxx/xxx/cron"} {
ASM::disable
log local0. "ASM disabled"
} else {
ASM::enable /Common/SEC_Policy
log local0. " ASM ENABLED. Current ASM policy is [ASM::policy]"
}
}
- P_Kueppers
Sure can you fine-tune this with more conditions. Header Based would look like this:
when HTTP_REQUEST { if {[HTTP::uri] contains "/sxx/xxx/cron" OR [HTTP::header exists "DISABLE_ASM"] } { ASM::disable [...]
