We are running version 11.6
We originally had ASM configured to send files to a Symantec server for scanning, and if a virus was detected the ASM would display the Blocking Response page. (All good so far.)
Except the limitation with ASM is a 30Meg limit, and our customer wants to upload larger files.
After contacting several reps at F5 we were told that LTM ICAP has no limit and it was best for us to use LTM for the ICAP feature and use ASM for the response page and event logging.
So we configured ICAP in LTM using this link:
It looks like virus files are being blocked; however, using LTM-ICAP, we can't seem to trigger a response page.
Is this even possible?
ASM triggers after the request adapt profile (aka ICAP). I have preliminarily created an iRule that works on detecting some ICAP results and then works in conjunction with ASM to raise a custom violation - but I do need to test some more variants of it before I post something here for sharing. Stay tuned though!
Same deal here, we were told we could use LTM ICAP and tie it in with custom ASM violations. We were thinking about capturing the ICAP_Response error and passing this to ASM, triggering a custom violation after the ASM_REQUEST_END event. I think the problem is that the ASM event will fire before the ICAP_Response, as the ICAP iRule is on the Internal VS, which processes the request after the HTTP VS. I'll have a chat to F5 about this in the week.
Yeah, I contacted support and they didn't help, so I'm going back to our F5 account team.
I'll keep you posted on anything I hear, and if you could do the same I'd appreciate it.
I think this is what you're referring to:
Have you seen the ASM::raise command?
The ICAP URL should be:
The SYMC* requests use a different response (201 - abort) instead of (200 - respond).
ADAPT and parent VS OOPS on the 201 response. The response delivered from SYMC server to the client with this compatibility-mode request
201 - abort
200 - respond