IP Address Exceptions & iRule event triggers
I am using IP Address Exceptions to exclude known good automated scanners from my ASM Policy. I've told it to "Never log traffic from this IP Address", which successfully prevents these scans from filling up the Event Logs within the ASM: However, I have an iRule that triggers on ASM_REQUEST_DONE event and logs any events that aren't 'clear': set asm_info [ASM::violation_data] if {[string equal {clear} [ASM::status]] != 1} { log local0. "client_addr=[lindex $asm_info 4] asm_support_id=[lindex $asm_info 1] asm_status=[ASM::status] asm_violation=[lindex $asm_info 0]" } and this iRule is still triggering, and logging, when the Qualys scanner scans the Virtual with this ASM policy attached. Are there any elegant ways to avoid this? [ASM::way-to-tell-if-IP-address-Exception-is-in-place-on-this-violation]? 'Never trigger iRule events on traffic from this IP address'? [ASM::way-to-query-list-of-IP-address-Exception-IPs]? If all else fails, I can just write the same address exception logic into my iRule, but then I'm going to keep two lists of exceptions, which is inelegant and error-prone.
