Hello, I'm the application security person and I have triggered a bug which has caused my transparent policies to block all requests in our pre-production environment. There are over 100 policies and deactivating each one while I wait for support seems to be an inefficient way of doing things. How can I disable the ASM module so that testing can continue while I wait for support to get back to me?
I would write an iRule disabling the ASM, then do TMSH script to apply/remove this iRule from all virtual servers. Maybe you could deprovision the ASM module itself, then all policies should be removed and when you reprovision the ASM all policies should be back, but the you could not debug anything.
Hi, The below link can help https://devcentral.f5.com/questions/disable-asm-module-within-irule
or if you want to bypass https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14709.html
I think you can also use "
bypass_upon_asm_down" system variable under Advnaced Configuration of ASM. Change the variable value from 0 to 1.
Here is the document for the same. https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15093.html
Then you can stop the ASM from CLI.
bigstart stop asm
If you have F5 in HA pair. Follow this exercise on Standby unit first, and failover to the Standby unit by making it active.
Hope this helps.