using websocket via ASM

Question

Hi all. 
I'm testing about ASM v11.4.1 and a website using websocket.
I wonder ASM can support websocket.
In my test, LTM can support websocket but ASM can't support it.
When apply ASM policy to VirtualServer, I can't show websocket part.
So I made a iRule, that is below:
when CLIENT_ACCEPTED { 
             HTTP::enable
}
when HTTP_REQUEST { 
             if { ([string tolower [HTTP::header value Upgrade]] equals "websocket" ) &amp;&amp; ([string tolower [HTTP::header value Connection]] equals "upgrade" ) } {  
                           log local0. "HTTP Disable"  
                ASM::disable 
             }
}

In this iRule, when websocket traffic is come, it disable ASM and pass to LTM.
But it means, if some web attacks are come through websocket, ASM can't block attacks.
In addition, if i change iRule from ASM::disable to HTTP::disable,
page loading is slowed.
Does any solution using with ASM and websocket?

nitass · Answer

But it means, if some web attacks are come through websocket, ASM can't block attacks.&nbsp;

as you know, currently it is not supported. i do not hear any plan.&nbsp;

In addition, if i change iRule from ASM::disable to HTTP::disable, page loading is slowed.&nbsp;

have you run tcpdump to see where the slow comes from?&nbsp;

nitass_89166 · Answer

But it means, if some web attacks are come through websocket, ASM can't block attacks.&nbsp;

as you know, currently it is not supported. i do not hear any plan.&nbsp;

In addition, if i change iRule from ASM::disable to HTTP::disable, page loading is slowed.&nbsp;

have you run tcpdump to see where the slow comes from?&nbsp;

yoonjoo__moon_1 · Answer

have you run tcpdump to see where the slow comes from?
--&gt; Yes. I captured it.
      In Wireshark, filtering "websocket", i can't find when using HTTP::disable, but others can find "websocket"

yoonjoo__moon_1 · Answer

have you run tcpdump to see where the slow comes from?
--&gt; Yes. I captured it.
      In Wireshark, filtering "websocket", i can't find when using HTTP::disable, but others can find "websocket"

j_castro · Answer

Hi everyone.&nbsp;
I have the same problem running 11.5.1. I've opened a support ticket and they confirmed that ASM currently does not support web socket streams and there is not an ETA to fix this issue.&nbsp;
But, How can we deal with this in the most secure way?
Anyone has heard about a workaround for this? I'm not a web developer but if this is a common behavior for websites behind a security device, it must be an option, from the developer perspective, to fulfill the operation of the websites without using websockets, just wondering.&nbsp;

Forum Discussion

using websocket via ASM

8 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

iRule to decode WebSocket negotiation and frames

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL Orchestrator Advanced Use Cases: DNS Sinkholing

SPDY versus HTML5 WebSockets

SSLO in public cloud: Azure inbound L3 use case