Will an ASM allow non-http traffic to pass through it? Is there an option or setting that will allow it?
We are setting up an inspection zone for our external web apps, but we do have occasional non-http virtual server. We are hoping to simplify the design and keep it the same for ALL applications.
I fully understand that we can route non-http virtual servers around the ASM, but we like to be difficult and route everything the same way. Can we do this or will ASM drop the non-http traffic?
ASM won't just pass through the traffic if it isn't HTTP - it will inspect it and block on HTTP non-compliance.
You can add a profile/irule to disable the ASM policy for non-HTTP traffic, but that is only of value for things like websockets or RPC-over-HTTP where you also have normal HTTP traffic to inspect.
Do yourself a favour and only apply ASM policies to HTTP virtuals.
Your irule collect only first packet of each tcp connection, if the non http occurs after some http requests within the same tcp connection, it won’t match this code!
Andrew, regarding your original question; if on your ASM you have a seperate vs for each application, then simply avoid assigning an ASM policy to the non-http virtual servers. The ASM will simply be a router for that traffic.
