Forum Discussion
robert_83958
Nimbostratus
NimbostratusSend 1 uri to ICAP
Hi, It's been 2 year since i've done F5 ASM and i noticed some changes in 11.4
The ASM is differently set up. I used to make classes and attached policies, but that's now gone. What i wan't is send 1 specific uri to an icap server (proxyAV). I used to make an extra class for this setup to only match on the specific upload uri. This wouldn't intefere with the existing policy for the whole application, and prevents sending all traffic to the icap. How would i approach this now on 11.4?
PeteWhiteEmployee
Do you want to do ICAP on LTM or on ASM? Lots of info in the LTM manuals about ICAP setup and it works well. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-4-0/12.htmlconceptid
robert_83958The one thing i missed here is being able to send just 1 uri to this profile. Is that possible? I have an ASM, but maybe i can avoid the 10mb upload limit by using the LTM option- Torti_93733
you can do this with an irule.
We had have the same problem (20mb max limit) and I send it to an proxy, now.
From there we send it back to ltm, because of load balancing.
All you need, is to check the URL with the irule and send it then to the pool or virtual server of your AV proxy.
The proxy check for malware and virus and send it to any destination.
I did create another VS, because the AV proxy cannot load balance.
nolipinedaAltostratus
Hi Torti, Are you able to share your iRule for the above scenario?- Torti_93733it depends on the realease. So, for which firmware version? 11.4 or 11.5 or higher?
Tortiyou can do this with an irule.
We had have the same problem (20mb max limit) and I send it to an proxy, now.
From there we send it back to ltm, because of load balancing.
All you need, is to check the URL with the irule and send it then to the pool or virtual server of your AV proxy.
The proxy check for malware and virus and send it to any destination.
I did create another VS, because the AV proxy cannot load balance.- nolipinedaHi Torti, Are you able to share your iRule for the above scenario?
- Tortiit depends on the realease. So, for which firmware version? 11.4 or 11.5 or higher?
- nolipineda
Hi Torti,
Currently using 11.6.0.
Thanks!
- Torti
in 11.6 you can use a LTM policy.
There you select the uri as condition and set a forwarding to the the AV proxy virtual server and asm disable as actions.
Step 2 is another VS as destination for the AV proxy and for the ASM security policy.
As result, you have 1 VS for all incomming https traffic and another VS for the traffic from the AV proxy.
It is not the easiest way, but it works fine for me. With ICAP, we allways have problems in form of blocked requests by communication problems between f5 and the AV poxy.