cancel
Showing results for 
Search instead for 
Did you mean: 

How do I temporarily disable all ASM policies?

oedo808_68685
Altostratus
Altostratus

Hello, I'm the application security person and I have triggered a bug which has caused my transparent policies to block all requests in our pre-production environment. There are over 100 policies and deactivating each one while I wait for support seems to be an inefficient way of doing things. How can I disable the ASM module so that testing can continue while I wait for support to get back to me?

 

3 REPLIES 3

Stephan_Mierau
F5 Employee
F5 Employee

I would write an iRule disabling the ASM, then do TMSH script to apply/remove this iRule from all virtual servers. Maybe you could deprovision the ASM module itself, then all policies should be removed and when you reprovision the ASM all policies should be back, but the you could not debug anything.

 

Vijith_182946
Cirrostratus
Cirrostratus

Hi, The below link can help https://devcentral.f5.com/questions/disable-asm-module-within-irule

 

or if you want to bypass https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14709.html

 

cheers

 

swo0sh_gt_13163
Nimbostratus
Nimbostratus

I think you can also use "bypass_upon_asm_down" system variable under Advnaced Configuration of ASM. Change the variable value from 0 to 1.

 

Here is the document for the same. https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15093.html

 

Then you can stop the ASM from CLI. bigstart stop asm

 

If you have F5 in HA pair. Follow this exercise on Standby unit first, and failover to the Standby unit by making it active.

 

Hope this helps.

 

Regards, Darshan