SoL7616: ASM Static Content Bypss

Question

Greetings, 
&nbsp;  
&nbsp; In Sol7616, which uses an iRule to have static content bypass the ASM, one is instructed to create a "static content pool" with the server IP's that deliver static content and associate it with VIP.  However, we already have a VIP and pool set up for all of our content, static and dynamic.  I am assuming that, given this case, we can use our existing pool in the iRule and not create a new one, but I wanted to verify. 
&nbsp;  
&nbsp; Also, the iRule references "SET_STATIC_HOST_NAME_HERE", instructing one to replace that with the "name of the Host header you want to insert".  I am unsure as to what this Host header value should be. 
&nbsp;  
&nbsp; Here is the link to the Solution ID: 
&nbsp;  
&nbsp; https://support.f5.com/kb/en-us/solutions/public/7000/600/sol7616.html?sr=840207 
&nbsp;  
&nbsp; Any help would be greatly appreciated. 
&nbsp;  
&nbsp; Thank you, 
&nbsp; j1devc2d

hoolio · Answer

Hi there, 
&nbsp;  
&nbsp; A more secure method for handling static content would be to use RAM caching with ASM.  The advantage is that every request and response which goes to the app is validated by ASM, and subsequent requests for the static file types are answered from cache.  This requires RAM cache to be licensed.  The implementation is described in SOL8216/SOL7056 on AskF5. 
&nbsp;  
&nbsp; If that's not an option, then bypassing ASM for static file types is a good alternative.  You don't need to specify a pool at all for the rule.  It's in the example for people who have separate servers to host the static content.  You could either set it to the same pool as is configured on the VIP, or you could remove the 'set ::static_content_pool "SET_STATIC_POOL_NAME_HERE"' and 'pool $::static_content_pool' lines. 
&nbsp;  
&nbsp; The host variable should be set to the HTTP host for your application.  If the URL is https://test.mysite.example.com/login.jsp, the host variable should be set to test.mysite.example.com. 
&nbsp;  
&nbsp; I'm curious to see if the example works verbatim.  It looks like there might be some formatting issues in the solution example.  If you run into problems using the rule, reply here for help. 
&nbsp;  
&nbsp; Aaron

jay_de_leo_3956 · Answer

Thanks so much for your help, Aaron. 
&nbsp;  
&nbsp; The iRule did work pretty much as is - the only change I made to it was your recommendation to remove the set and pool lines referencing the static content pool. 
&nbsp;  
&nbsp; Thanks again! 
&nbsp;  
&nbsp; Yours, 
&nbsp; j1devc2d

hoolio · Answer

Good to hear.  There is a typo in the 9.4.2 - 9.4.4 version where the open square brace after expr is missing 
&nbsp;  
&nbsp; BIG-IP ASM versions 9.4.2 through 9.4.4 
&nbsp; ... 
&nbsp; set test_uri2 [string range [HTTP::uri] 1 [expr string last . [HTTP::uri]]-1]] 
&nbsp;  
&nbsp; should be: 
&nbsp;  
&nbsp; set test_uri2 [string range [HTTP::uri] 1 [expr [string last . [HTTP::uri]]-1]] 
&nbsp;  
&nbsp; Aaron

Forum Discussion

SoL7616: ASM Static Content Bypss

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

iRules Recipe 4: Static Maintenance Page

Modernizing F5 BIG-IP Synchronized HA Pairs with Ansible Validated Content

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

Static Route

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS