Using ASM logic in iRules

Question

Hi all, &nbsp;
&nbsp;I have a HA pair of 3900's running v10.2.3 LTM and ASM so I have the web scraping blocking capability. &nbsp;
&nbsp;I’d like to be able to identify traffic from search engines so I can tag the URI sent to my IIS application and log an additional value for reporting purposes. &nbsp;
&nbsp;As ASM can identify known robots, is it possible to reference this logic from an iRule? &nbsp;
&nbsp;I won’t embarrass myself putting up a clumsy iRule but in English, this is what I want: &nbsp;
&nbsp;Client connects to VS 
&nbsp;iRule fires 
&nbsp;iRule uses ASM engine to see whether this is a search engine 
&nbsp;(ASM checks user-agent and IP address as per web scraping technique) 
&nbsp;ASM returns yes/no for search engine 
&nbsp;If yes, iRule adds a variable to the URI for the application to pick-up. If no, iRule completes with no action taken. &nbsp;&nbsp;
&nbsp;Has anyone ever tried to do something like this? &nbsp;
&nbsp;Cheers, Steve

hooleylist · Answer

Hi Steve, 
&nbsp;  
&nbsp; You could try testing the following: 
&nbsp;  
&nbsp; Put the web scraping check set for alarm and learn but not block in the ASM policy's blocking settings. 
&nbsp; Create an iRule which checks in ASM_REQUEST_VIOLATION for ASM::violation_data's Violation list containing VIOLATION_WEB_SCRAPING_DETECTED 
&nbsp; Insert an HTTP header in the request or modify the URI to append a query string parameter using HTTP::header or HTTP::uri 
&nbsp;  
&nbsp; Here are a few related wiki pages: 
&nbsp;  
&nbsp; https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_VIOLATION.ashx 
&nbsp; https://devcentral.f5.com/wiki/iRules.ASM__violation_data.ashx 
&nbsp; http://devcentral.f5.com/wiki/iRules.http__header.ashx 
&nbsp;  
&nbsp; If you get something working it would make a great codeshare example.  Else if you get stuck add debug logging to your iRule and reply back with the iRule you're testing, details of the issue you're seeing and debug log from /var/log/ltm. 
&nbsp;  
&nbsp; Aaron

steve_87971 · Answer

Hi Aaron, thank you for your response. 
&nbsp;  
&nbsp; I'll take a look at the links though I think there may be a couple of problems straight off the bat: 
&nbsp; 1. We already have scraping in blocking mode so only Google and Bing etc can spider our site (or we will have - got a bit of a support issue with it) 
&nbsp; 2. If the request we want to mark is from Google or Bing then surely they wouldn't be marked by ASM as violations? - ASM is supported to let those guys through. 
&nbsp;  
&nbsp;  
&nbsp; Cheers, Steve

Forum Discussion

Using ASM logic in iRules

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

iRule logic to use multiple pools to force GTM failover on VIP

iRule 301 Redirect using Wildcard

Need help redirecting hundreds of host:uris to differentHOST:differentURI using datagroup and irule

Irule logic question

irule ports

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS