URL string map and ASM

Question

Hi all, I'm looking into some ASM blocks that are being triggered for an illegal URL violation. &nbsp;
We have an application call coming in as /app-abc/... which we use an iRule to string map the call to app-abc-1.0/... - as this avoids having version specific calls from external sources. This works fine as confirmed by the application tests and ltm log messages, but we get some calls which are being blocked because they're coming as app-abc-1.0/...&nbsp;
I can run a clean test from postman and get a block because of this violation even though the call has passed through the iRule (seen ltm log message to confirm) - I though that ASM was processed before LTM?&nbsp;
This one is confusing me. its like its a subsequent call which is being blocked. Does the string map persist back to the client?&nbsp;
Any help or advice on this one would be greatly appreciated. &nbsp;

stanislas_piro2 · Answer

ASM is one of the last product evaluated...&nbsp;
First is AFM with FLOW_INIT eventThen LTM with CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST eventsThen LTM with CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST eventsThen APM with ACCESS_SESSION_STARTED eventand finally ASM
So when you change URI in HTTP_REQUEST event, ASM will see the new URI.&nbsp;
This is useful when we want to disable ASM or change ASM policy based on URI.&nbsp;

Forum Discussion

URL string map and ASM

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

API Gateway Mapping - Gartner - F5

F5 TIC3.0 Capability Mappings

Bigpipe Mappings

iRules Heat Map - US Only

F5 Network Map to Json with Python

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS