Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

URL string map and ASM

Hi all, I'm looking into some ASM blocks that are being triggered for an illegal URL violation.

We have an application call coming in as /app-abc/... which we use an iRule to string map the call to app-abc-1.0/... - as this avoids having version specific calls from external sources. This works fine as confirmed by the application tests and ltm log messages, but we get some calls which are being blocked because they're coming as app-abc-1.0/...

I can run a clean test from postman and get a block because of this violation even though the call has passed through the iRule (seen ltm log message to confirm) - I though that ASM was processed before LTM?

This one is confusing me. its like its a subsequent call which is being blocked. Does the string map persist back to the client?

Any help or advice on this one would be greatly appreciated.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

ASM is one of the last product evaluated...

  • First is AFM with FLOW_INIT event
  • Then LTM with CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST events
  • Then LTM with CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST events
  • Then APM with ACCESS_SESSION_STARTED event
  • and finally ASM

So when you change URI in HTTP_REQUEST event, ASM will see the new URI.

This is useful when we want to disable ASM or change ASM policy based on URI.

0
Comments on this Answer
Comment made 19-Jun-2018 by Anthony 452

Oh right, I always thought it was up front. That would explain it all then! Thanks for clarifying it for me.

0