Forum Discussion
CirrusSpecific uri set to not log on asm
All,
We have a specific request that is set to perform a health check on our asm policies to ensure they are blocking as expected. Basically it is https://url/<script!> which gets blacked every time. The asm logs it into the event logs but there are so many requests I want to set it so anything that is /<script!> will block but not log. Does this need to be an irule or is there a way in the logging profile or policy that we can set this uri to not log?
rob_carrCirrocumulus
If you know exactly where the request is coming from and there is no other traffic coming from the same location, you could use IP address exceptions to stop logging for traffic from that location.
Dave_PisarekWe cannot block via ip as it changes and is from multiple locations. I don't even see where I can create a custom violation or attack signature and disable logging. No ASM event for irules to disable logging.
Ivan_ChernenkiiEmployee
Hello Dave,
I am not sure that I understand use case of such asm health check, but if you want to execute health check of asm policy, then better to use some dummy VS for this purpose.
Thanks, Ivan
- Dave_Pisarek
Customer used pingdom to test that the ASM is working as expect but having a check looking for the wording in the response page. I can propose using a dummy vs but you will still have the event logs hit with a bunch of the logs for this check. I can't believe there is no way to not log except based on ip.
- Ivan_Chernenkii
If you can propose using a dummy vs for these checks only, then you can disable local logging for this dummy vs. Will it help?