cancel
Showing results for 
Search instead for 
Did you mean: 

bypassing ASM from specific source IP

Abed_AL-R
Cirrostratus
Cirrostratus

Hello guys

 

What is the alternative irule for this:

https://clouddocs.f5.com/api/irules/ASM__disable.html

 

The HTTP_CLASS_SELECTED is not recognized anymore in newer versions

 

I know it is possible to configure this via regular policy but for this specific situation I prefer irule

 

4 REPLIES 4

Hi,

 

Why do you prefer an irule??

 

Cheers,

 

Kees

Not up to my choice

Its shared management environment and its a customer decision

I totally know that whenever there is a chance to solve a problem with a policy, it is the preferred way.

Anyhow, this irule solved the problem:

 

when CLIENT_ACCEPTED { set allowed 0 if { [class match [IP::client_addr] equals bypass_asm_class] } { set allowed 1 } }   when HTTP_REQUEST { if { $allowed } { #log local0. "This client IP: [IP::client_addr] is allowed to bypass ASM" ASM::disable } else { ASM::enable /partition/asmpolcy } }

 

Ok. And no policy is attached to the virtual server??

Because that could cause issues. https://support.f5.com/csp/article/K18101546

no, no policy attached

thanks for clarification