Forum Discussion

misha_life_1886's avatar
misha_life_1886
Icon for Nimbostratus rankNimbostratus
Nov 15, 2015

ASM Over iRule

hi,

 

i have a standard virtual server with an http profile assigned, no pool or nodes only irule.

 

the client sends http request and the irule parses the request and sends a response. (my irule fires with the event of HTTP_REQUEST)

 

when i tried to assign an ASM policy to this virtual server i dont see any requests in the application "all requests" log.

 

of course the application logging is set to log all requests and the logging profile is assigned to the virtual server.

 

does the ASM only receives the traffic leaving the virtual server towards a node?

 

how can i enforce ASM Policy on the requests hitting my irule?

 

thank you.

 

iRules
LTM
security

2 Replies

Sort By
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Nov 16, 2015

    ASM protects an application. The application and associated virtual server must be in working order before attaching a policy. I see why you are asking the question but without a working application the behaviour is unknown.

     

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2015

    "the client sends http request and the irule parses the request and sends a response. (my irule fires with the event of HTTP_REQUEST)"

     

    The reason you don't see any logs in ASM is because ASM security checks are not processed. You are intercepting the request with a response triggered from your iRule.

     

    By minimum, you will have to add a dummy pool to your virtual server without a health-check to circumvent the LB_FAILED event. Also, any iRule "HTTP::respond" functions must be commented out.

     

    In case of a HTTP response which is triggered from F5, the request handling will be isolated to LTM, and the ASM module will not come into play at all. This applies even if you have correctly configured ASM policy and the logging profile.