03-Nov-2020 07:17
Hi, I have created an iRule to unblock requests with the illegal filetype violation triggered and specially for those URI started with a specific value and the path matches a specific expression, but it doesn't work, can anyone help me
when ASM_REQUEST_DONE {
if { ([HTTP::uri] starts_with "/abc/") &&
([HTTP::path] matches_regex {*.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]})
&& ([ASM::violation count] >= 1)
&& [ASM::violation_data] contains "VIOLATION_OBJ_TYPE"} {
ASM::unblock
}}
03-Nov-2020 20:48 - last edited on 04-Jun-2023 21:12 by JimmyPackets
Break the monolithic if statement down into nested if statements, and add logging so you can see the results of each step
when ASM_REQUEST_DONE { if { ([HTTP::uri] starts_with "/abc/") } { log local0. "URI [HTTP::uri] starts with /abc/" if {([HTTP::path] matches_regex {*.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]})} { log local0. "PATH [HTTP::path] matches the regex" if { ([ASM::violation count] >= 1) } { log local0. "ASM violation count greater than 1 = [ASM::violation count]" if {[ASM::violation_data] contains "VIOLATION_OBJ_TYPE"} { log local0. "ASM violation data contains VIOLATION_OBJ_TYPE - unblocking" ASM::unblock } } } } }
04-Nov-2020 01:13
Thank you, i'll try it
08-Nov-2020 07:40
if this answered your question please flag it as such.
