using websocket via ASM

Question

Hi all. 
I'm testing about ASM v11.4.1 and a website using websocket.
I wonder ASM can support websocket.
In my test, LTM can support websocket but ASM can't support it.
When apply ASM policy to VirtualServer, I can't show websocket part.
So I made a iRule, that is below:
when CLIENT_ACCEPTED { 
             HTTP::enable
}
when HTTP_REQUEST { 
             if { ([string tolower [HTTP::header value Upgrade]] equals "websocket" ) &amp;&amp; ([string tolower [HTTP::header value Connection]] equals "upgrade" ) } {  
                           log local0. "HTTP Disable"  
                ASM::disable 
             }
}

In this iRule, when websocket traffic is come, it disable ASM and pass to LTM.
But it means, if some web attacks are come through websocket, ASM can't block attacks.
In addition, if i change iRule from ASM::disable to HTTP::disable,
page loading is slowed.
Does any solution using with ASM and websocket?

nitass · Answer

But it means, if some web attacks are come through websocket, ASM can't block attacks.&nbsp;

as you know, currently it is not supported. i do not hear any plan.&nbsp;

In addition, if i change iRule from ASM::disable to HTTP::disable, page loading is slowed.&nbsp;

have you run tcpdump to see where the slow comes from?&nbsp;

nitass_89166 · Answer

But it means, if some web attacks are come through websocket, ASM can't block attacks.&nbsp;

as you know, currently it is not supported. i do not hear any plan.&nbsp;

In addition, if i change iRule from ASM::disable to HTTP::disable, page loading is slowed.&nbsp;

have you run tcpdump to see where the slow comes from?&nbsp;

yoonjoo__moon_1 · Answer

have you run tcpdump to see where the slow comes from?
--&gt; Yes. I captured it.
      In Wireshark, filtering "websocket", i can't find when using HTTP::disable, but others can find "websocket"

yoonjoo__moon_1 · Answer

have you run tcpdump to see where the slow comes from?
--&gt; Yes. I captured it.
      In Wireshark, filtering "websocket", i can't find when using HTTP::disable, but others can find "websocket"

j_castro · Answer

Hi everyone.&nbsp;
I have the same problem running 11.5.1. I've opened a support ticket and they confirmed that ASM currently does not support web socket streams and there is not an ETA to fix this issue.&nbsp;
But, How can we deal with this in the most secure way?
Anyone has heard about a workaround for this? I'm not a web developer but if this is a common behavior for websites behind a security device, it must be an option, from the developer perspective, to fulfill the operation of the websites without using websockets, just wondering.&nbsp;

Forum Discussion

using websocket via ASM

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Clarification about WebSocket and ASM

Re: Mitigating OWASP API Security risks using BIG-IP

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Using Ansible to Manage BGP on BIG-IP

Handle "Websocket-like" or other poorly compliant apps exceptions in ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS