Forum Discussion
Turn off File type check for a specific URL
- Aug 30, 2017
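when ASM_REQUEST_DONE {
    # Runs once ASM has finished evaluating the request
    if { [HTTP::uri] starts_with "/&siteid=" && [ASM::violation count] < 5 } {
        # Lift the block only when the violation data includes the file type violation
        if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE" } {
            ASM::unblock
        }
    } else {
        # More than one violation, too dangerous to Unblock
        return
    }
}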
I have made only a minor modification to what Arnaud has done here: https://devcentral.f5.com/questions/irule-for-asm
Hi, you can achieve it through an iRule. Make sure you enable Trigger ASM iRule Events in the ASM policy.
when ASM_REQUEST_DONE {
    if { ([HTTP::host] equals "test.test.com") and ([string tolower [HTTP::uri]] contains ".exe") and ([ASM::violation_data] contains "VIOLATION_OBJ_TYPE") } {
        ASM::unblock
    }
}
- saidshow_251381, Aug 30, 2017, Cirrostratus
Hi nag, I like this iRule. What you have there does look like it would only prevent blocking on a specific file type such as ".exe" in your example. Since the requests I am looking at are referral IDs, they may be something like "adsa.cchh3" or "0.87dsajb232.adsa", and the details past the "." are always unique; as a result, I don't expect that this would work.
The URI does start with &siteid=; however, I do not want to completely disable ASM, as I am doing with the iRule below.
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/&siteid=" } {
        ASM::disable
    }
}
I would prefer to just disable the illegal file type check; however, I am unsure of the violation type. I will work on this - I will print everything to screen so that I find the details. Thank you for your help.