cancel
Showing results for 
Search instead for 
Did you mean: 

Specific uri set to not log on asm

Dave_Pisarek
Cirrus
Cirrus

All,

 

We have a specific request that is set to perform a health check on our asm policies to ensure they are blocking as expected. Basically it is https://url/<script!> which gets blacked every time. The asm logs it into the event logs but there are so many requests I want to set it so anything that is /<script!> will block but not log. Does this need to be an irule or is there a way in the logging profile or policy that we can set this uri to not log?

5 REPLIES 5

rob_carr
MVP
MVP

If you know exactly where the request is coming from and there is no other traffic coming from the same location, you could use IP address exceptions to stop logging for traffic from that location.

Dave_Pisarek
Cirrus
Cirrus

We cannot block via ip as it changes and is from multiple locations. I don't even see where I can create a custom violation or attack signature and disable logging. No ASM event for irules to disable logging.

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello Dave,

 

I am not sure that I understand use case of such asm health check, but if you want to execute health check of asm policy, then better to use some dummy VS for this purpose.

 

Thanks, Ivan

Dave_Pisarek
Cirrus
Cirrus

Customer used pingdom to test that the ASM is working as expect but having a check looking for the wording in the response page. I can propose using a dummy vs but you will still have the event logs hit with a bunch of the logs for this check. I can't believe there is no way to not log except based on ip.

If you can propose using a dummy vs for these checks only, then you can disable local logging for this dummy vs. Will it help?