Extending AFM with iRules
Published Apr 14, 2016
Version 1.0
Now I had the time to test this again.
We have a vCMP with v12.1.3.
AFM Policy attached to VS:
security firewall policy /Common/afm_block_example {
    description "afm block http example"
    rules {
        rule_block_all {
            action drop
            irule /Common/AFM_block_example
        }
    }
}
irule /Common/AFM_block_example:
when FLOW_INIT {
    log local0. "FLOW_INIT / ACL_action: [ACL::action]"
    if { [ACL::action] equals "drop" } {
        ACL::action allow
        log local0. "L3/4 FW Policy Disabled"
    }
}
when HTTP_REQUEST {
    HTTP::respond 401 content {BLOCKED: This content is blocked due to export restrictions
    }
    log local0. "401 Block ACL iRule was hit"
    drop
}
What I see in the log:
Apr 25 12:51:59 slot1/f5 info tmm[28247]: Rule /Common/AFM_block_example : FLOW_INIT / ACL_action: 0
The HTTP request is blocked then.
What is wrong here?