Can non-http pass through ASM without being dropped?

Question

Will an ASM allow non-http traffic to pass through it? Is there an option or setting that will allow it?&nbsp;
We are setting up an inspection zone for our external web apps, but we do have occasional non-http virtual server.  We are hoping to simplify the design and keep it the same for ALL applications. &nbsp;
I fully understand that we can route non-http virtual servers around the ASM, but we like to be difficult and route everything the same way. Can we do this or will ASM drop the non-http traffic?&nbsp;

simon_blakely · Answer

ASM won't just pass through the traffic if it isn't HTTP - it will inspect it and block on HTTP non-compliance.&nbsp;
You can add a profile/irule to disable the ASM policy for non-HTTP traffic, but that is only of value for things like websockets or RPC-over-HTTP where you also have normal HTTP traffic to inspect.  
&nbsp;
Do yourself a favour and only apply ASM policies to HTTP virtuals.&nbsp;

stanislas_piro2 · Answer

Your irule collect only first packet of each tcp connection, if the non http occurs after some http requests within the same tcp connection, it won’t match this code!&nbsp;
How your web server manage it? Is this websocket?&nbsp;

dan_pacheco · Answer

Andrew, regarding your original question; if on your ASM you have a seperate vs for each application, then simply avoid assigning an ASM policy to the non-http virtual servers. The ASM will simply be a router for that traffic.

Forum Discussion

Can non-http pass through ASM without being dropped?

3 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

iRule for non http services

How do I drop traffic on ASM?

Request logging profile on non-HTTP traffic

ISAKMP packets dropped

Translatin non-standard https to https