Forum Discussion

Nimbostratus

Apr 23, 2019

iRule disable ASM and close TCP connection

I'm referring to example 1 on https://devcentral.f5.com/wiki/irules.asm__disable.ashx This lets me disable ASM when a certain condition, e.g. a HTTP::path matches. But the documentation also state...

MVP

Apr 24, 2019

Hi Lopf,

But the documentation also states, that ASM is then disabled for the "duration of the TCP connection or until ASM::enable is called."

You can pretty much ignore the (slightly outdated) documentation. The mentioned statement was true at the time HTTP-Class was used to assign ASM Policies.

Since v11.4 LTM Policies are used to enable an assign a given ASM Policy. The LTM Policies are operating on a per-request level and therefor revert your

ASM::disable

command and reselect the default ASM Policy on the very next request of the same underlying TCP connection.

when HTTP_REQUEST { 
    if { [HTTP::path] contains "/.well-known/acme-challenge/" } { 
        ASM::disable
    } else {
         You don't have to care about re-enabling ASM. Your LTM Policy already did that...
    }
}

Cheers, Kai

Forum Discussion

iRule disable ASM and close TCP connection

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Routing problem for connect() in iRule

Disabling Ciphers

disable irule process for the request not for the whole tcp connection

Temporarily Disable SNMP Traps

Current connections vs CLI show sys connections