Forum Discussion
CirrusLocal Traffic Policy rule or irule to bypass the BIG-IP ASM
You can go by this:
So first I select every Host that does not need ASM and any other Host gets ASM enabled.
But you can do something like this also:And for those two conditions I have selected "skip this condition if its missing from request"
CirrusHi,
Can you share a sample LTM rule or irule for the above requirement.
MVPYou can go by this:
So first I select every Host that does not need ASM and any other Host gets ASM enabled.
But you can do something like this also:
And for those two conditions I have selected "skip this condition if its missing from request"
- CHRISTY_THOMAS
Hi,
Thank you ,
I have created the LTM rule that you have shared. and also i have created a iRule also: The irule worked.
Is there any possibility of fine-tuning the following iRule with a header name condition in addition to the URL? Can you help me with this?
when HTTP_REQUEST {
if {[HTTP::uri] contains "/sxx/xxx/cron"} {
ASM::disable
log local0. "ASM disabled"
} else {
ASM::enable /Common/SEC_Policy
log local0. " ASM ENABLED. Current ASM policy is [ASM::policy]"
}
}
- P_Kueppers
Sure can you fine-tune this with more conditions. Header Based would look like this:
when HTTP_REQUEST { if {[HTTP::uri] contains "/sxx/xxx/cron" OR [HTTP::header exists "DISABLE_ASM"] } { ASM::disable [...]
