For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Extending AFM with iRules

The Advanced Firewall Manager (AFM) is a powerful network security solution in its own right. The policy flexibility in AFM enables the majority of functionality necessary to protect your application...

Published Apr 14, 2016

Version 1.0

Admin

Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.

Admin

Cirrostratus

Apr 25, 2018

Now I had the time to test this again.

We have a vCMP with v12.1.3.

AFM Policy attached to VS:

security firewall policy /Common/afm_block_example {
    description "afm block http example"
    rules {
        rule_block_all {
            action drop
            irule /Common/AFM_block_example
        }
    }
}

irule /Common/AFM_block_example:

when FLOW_INIT {

log local0. "FLOW_INIT / ACL_action: [ACL::action]"

    if { [ACL::action] equals "drop" } {
        ACL::action allow
        log local0. "L3/4 FW Policy Disabled"
    }
}
when HTTP_REQUEST {
    HTTP::respond 401 content {BLOCKED: This content is blocked due to export restrictions

    }
    log local0. "401 Block ACL iRule was hit"
    drop
}

What I see in the log:

Apr 25 12:51:59 slot1/f5 info tmm[28247]: Rule /Common/AFM_block_example : FLOW_INIT / ACL_action: 0

HTTP Request is blocked then.

What is wrong here?

Extending AFM with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS