Rich_L
May 25, 2017Nimbostratus
iRule to allow IP address that is being blocked by ASM Geo-location policy
We have an ASM security policy configured on our public facing Virtual Servers. We also enforce blocking access from countries that we do not allow in our Geo-Location policy. I am looking to allow access to the website / virtual server for one specific IP address which happens to be located in a country that is not allowed in our Geo-location. I have tried the following, but the user is still getting denied by the ASM with the following violation: Access from disallowed Geolocation.
My iRule is (this has a fake IP address for this post):
when ASM_REQUEST_DONE {
log local0. "Detected Country IP"
if { ([IP::client_addr] == "123.456.789.101") && ( [ASM::violation details] contains "VIOLATION_ILLEGAL_GEOLOCATION") }{
ASM::unblock
log local0. "[ASM::violation_data]. unblocked for [IP::client_addr]"
}
}
Has anybody ever ran into this situation and if so, were you able to create a working iRule that you can share? Thanks!