iRule disable ASM - Check

Question

Hi F5 exeprts,
Could you please help me writing URL for disabling ASM for a specific URL: test.com/Modules/CommentsandChanges/MyHoldManagement.aspx&nbsp;
Below the iRule I want to use:&nbsp;
when HTTP_REQUEST {
    if { ( [HTTP::host] equals "test.com" ) and ( [HTTP::path] equals "/Modules/CommentsandChanges/MyHoldManagement.aspx" ) } then {
        ASM::disable
}
}&nbsp;
Is it correct ?&nbsp;
Thanks&nbsp;

kai_wilke · Answer

Hi Sinistrad,&nbsp;your iRule looks fine for me. The only thing I would strongly recommend to change is:&nbsp;After disabling ASM for a given Request-URI, you should make sure that ASM gets re-enabled for subsequent HTTP-Request send over the same TCP-Connection. If you don't re-enable ASM a skilled attacker may get notice of this bypass, request the bypassed URI and rigth after send abritary exploit code to other URIs over the same TCP connection without having the inspection of ASM in place...&nbsp;when HTTP_REQUEST { 
    if { ( [HTTP::host] equals "test.com" ) 
     and ( [HTTP::path] equals "/Modules/CommentsandChanges/MyHoldManagement.aspx" ) } then { 
        ASM::disable 
    } else {
        ASM::enable "/Common/MyPolicy"
    }
}Cheers, Kai&nbsp;

Forum Discussion

iRule disable ASM - Check

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Disabling Weak Ciphers

Check a Virtual Server's SSL Status

ASM irule to disable attack signature authorization header with specific value

disable http retry

Disable cookie persistance in irule