Forum Discussion
NimbostratusPilot for ASM deployment
Hello friends,
Can you please help me as below:
I am deploying ASM for our customer, a bank. It is being used for internet banking, web application,... The ASM already learnt traffic and now before applying what has been learnt to the policy and this will effect the whole users. The customer wants that there should have a pilot first, only the internal users are applied this policy but the customer doesn't want to create another virtual server (for pilot) because the customer can't manage if the internal users uses the real server (eg f5.com) or the pilot one (eg f5-1.com). So the question is wether there is a way to apply the policy based on the ip address so that only the internal users with a specific range of ip addresses are affected by this policy.
I'm expecting and appreciate your reply.
Thank you! Kiet
2 Replies
natheCirrocumulus
Kiet,
Would this simple iRule work? I've taken this from another post bypass ASM
when HTTP_CLASS_SELECTED { ASM::enable if { [class match [IP::client_addr] ne asm_internal] } { ASM::disable } }So, create a datagroup called asm_internal with your internal IP address range and any source IP which doesn't match this will have ASM disabled.
Hope this helps,
N
htkiet_42906Thank you very much Nathan! Our ASM is currently runing version 11.2.1 So what I need to do is: 1. Create a data group (if you have document on how to . 2. Create an Irule as your suggestion 3. Apply that Irule to Virtual Servers Please correct me if I am wrong at somewhere.
Best regards, Kiet
