Script to edit ASM policy

Question

hi, i have an ASM policy and i want to be able to export it, modify it with a script and then import it back into the F5 machine. my goal is to be able to add a lot of URLS into the policy with the script

my script is running good and it adds all the urls in the right schema into the policy but after importing it back into the machine and applying it on a virt the policy doesnt do anything (nothing is being blocked) even tho its in Blocking mode. i didnt get any errors while importing the policy but it just doesnt work (the URLS i added with the script are visible in the GUI so it worked and saved my changes and is able to read them too)

after saving the Learning and blocking settings and changing the mode of the policy to Transparent and then back to Blocking its works but after hitting Refresh in the site it suddenly stops blocking

i can see the logs in the events but it only alarms me even tho everything is in blocking mode.

i made sure to take the original XML encoding.
can you help me out? anyone has done something like this?

lnxgeek · Answer

Hi Yonik
Can you share the policy?
Usually there are three places to look when womething isn't being stopped:
- is the policy in blocking
- is the object in question in staging
- does the policy block said feature in the settings
As you say you can find an alert log it suggest that the setting&nbsp; (illegal URL) is only set to alarm and not block.

Forum Discussion

Script to edit ASM policy

1 Reply

Recent Discussions

Provisioning r2600 equipment

Block CBC

active/active Support Declarative Onboarding

Error while running ansible

URL

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Auditing Security Policy Updates

Quick Optimizations for F5 BIG-IP Virtual Edition

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Passing Arguments to iCall Scripts