Forum Discussion
Jaime_S_Beckman
Nimbostratus
Feb 16, 2017TCL error on an iRule used for ASM managment
We have an iRule that is used to conditionally unblock triggered attack signatures on ASM policies for specific requests. Largely, this iRule works great. For some applications, however, it present...
Jaime_S_Beckman
Nimbostratus
Mar 03, 2017Turns out that while the f5 documentation says that HTTP::uri can be called from the context of ASM_REQUEST_DONE, it acutally can NOT. This was fixed by changing the syntax slightly to what is shown below and puts the the iRule in the context of the HTTP_REQUEST.
when HTTP_REQUEST { set dnnuri [string tolower [HTTP::uri]] } when ASM_REQUEST_DONE {
if { [ class match $dnnuri starts_with dg_asm_dnn_urilist ] and [ class match [ASM::violation details] contains dg_asm_dnn_violationlist ] } { ASM::unblock } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects