Forum Discussion
samstep
Oct 16, 2017Cirrocumulus
It is certainly possible to do with an iRule and a datagroup containing a list of codes (or allowed IP addresses which is much easier to implement). Lists of codes/IP Addresses are easier to manage in a datagroup rather than constantly adding/removing IP address exceptions in ASM policies.
you would simply use ASM:disable command if the request contains your X-SCAN-TESTING header
https://devcentral.f5.com/wiki/iRules.ASM__disable.ashx
having an iRule to connect and retrieve OTP from an external source is a bit over-engineering for such a simple problem, but it is certainly possible
You can also have the solution with no iRule at all and just put all the rules of header checking into the local traffic policy