Forum Discussion
Real life benefits of bypassing ASM
I have a rule which is designed to bypass ASM for static images originally in order to reduce the load on ASM. Since this time the environment has increased to 5 dedicated ASM devices and left the ASM load very very low, so I'm questioning the need to bypass it.
this rule checks the following:
- url ends in a list of suffixes
- method is a GET
- uri starts with a /
- uri is under a max length
- uri contains valid characters only
and then for EVERY header:
- contains valid characters only
- name is under a max length
- value is under a max length
if every check passes, then ASM is bypasses....
Now, if we're being this rigorous in the first place, wouldn't you just not bother, and let ASM handle it and just dial down the checks on these certain file types? It's not like ASM is really going to be doing a vast amount more, and a fewer iRule to submit every single request to can't be a bad thing...
- hooleylistCirrostratusHi Acidkewpie,
- Chris_PhillipsNimbostratusIt's almost like you know the exact rule I'm talking about... :) ta
- hooleylistCirrostratusIf caching on LTM complicates troubleshooting, I'd just remove the iRule and have ASM validate all of the requests. Last I know you guys had spare ASM capacity so it makes sense to simplify the implementation and remove the static content iRule. Of course, you'll want to test the policy and make sure the static content is defined correctly in the security policy.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com