I wrote this irule to count violations and send email notification once it reaches out the max rate
It should send email notification if number of violations in ASM / AWAF crossed the 100 violations in maximum 7 days
After 7 days the counter will be reset if no violation was encountered
If during the 7 days the counter reach the 100 violations it will send the email notification and reset the counter
I tested it and it is working
If it is not written the best way and If someone has any suggestions or can enhance it more he is more than welcome 🙂
Anyway, one thing I'd like to mention is that this irule using global variables because there is some variables need to be the same on all TMMs.
So during the commit you might notice the F5 CLI note the following message "demoted from CMP" .. So be aware of this