Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

bypassing ASM from specific source IP

Abed_AL-R
Cirrostratus
Cirrostratus

Hello guys

 

What is the alternative irule for this:

https://clouddocs.f5.com/api/irules/ASM__disable.html

 

The HTTP_CLASS_SELECTED is not recognized anymore in newer versions

 

I know it is possible to configure this via regular policy but for this specific situation I prefer irule

 

4 REPLIES 4

Hi,

 

Why do you prefer an irule??

 

Cheers,

 

Kees

Not up to my choice

Its shared management environment and its a customer decision

I totally know that whenever there is a chance to solve a problem with a policy, it is the preferred way.

Anyhow, this irule solved the problem:

when CLIENT_ACCEPTED {
   set allowed 0
   if { [class match [IP::client_addr] equals bypass_asm_class]  } {
      set allowed 1
   }
}
 
when HTTP_REQUEST {
   if { $allowed } {
       #log local0.  "This client IP: [IP::client_addr] is allowed to bypass ASM"
       ASM::disable
   } else {
      ASM::enable /partition/asmpolcy
   }
}

Ok. And no policy is attached to the virtual server??

Because that could cause issues. https://support.f5.com/csp/article/K18101546

no, no policy attached

thanks for clarification