Extending AFM with iRules
The Advanced Firewall Manager (AFM) is a powerful network security solution in its own right. The policy flexibility in AFM enables the majority of functionality necessary to protect your application...
Published Apr 14, 2016
Version 1.0
JRahm
Admin
Joined January 20, 2005
Peter_Baumann
Apr 25, 2018
Cirrostratus
Now I had the time to test this again.
We have a vCMP with v12.1.3. AFM policy attached to the VS:
    security firewall policy /Common/afm_block_example {
        description "afm block http example"
        rules {
            rule_block_all {
                action drop
                irule /Common/AFM_block_example
            }
        }
    }
irule /Common/AFM_block_example:
    when FLOW_INIT {
        log local0. "FLOW_INIT / ACL_action: [ACL::action]"
        if { [ACL::action] equals "drop" } {
            ACL::action allow
            log local0. "L3/4 FW Policy Disabled"
        }
    }
    when HTTP_REQUEST {
        HTTP::respond 401 content {BLOCKED: This content is blocked due to export restrictions}
        log local0. "401 Block ACL iRule was hit"
        drop
    }
What I see in the log:
Apr 25 12:51:59 slot1/f5 info tmm[28247]: Rule /Common/AFM_block_example : FLOW_INIT / ACL_action: 0
The HTTP request is blocked then.
What is wrong here?