Forum Discussion

Nimbostratus

Oct 25, 2017

iRule disable ASM - Check

Hi F5 exeprts, Could you please help me writing URL for disabling ASM for a specific URL: test.com/Modules/CommentsandChanges/MyHoldManagement.aspx Below the iRule I want to use: when HTTP_...

iRules

security

Kai_Wilke

MVP

Oct 25, 2017

Hi Sinistrad,

your iRule looks fine for me. The only thing I would strongly recommend to change is:

After disabling ASM for a given Request-URI, you should make sure that ASM gets re-enabled for subsequent HTTP-Request send over the same TCP-Connection. If you don't re-enable ASM a skilled attacker may get notice of this bypass, request the bypassed URI and rigth after send abritary exploit code to other URIs over the same TCP connection without having the inspection of ASM in place...

when HTTP_REQUEST { 
    if { ( [HTTP::host] equals "test.com" ) 
     and ( [HTTP::path] equals "/Modules/CommentsandChanges/MyHoldManagement.aspx" ) } then { 
        ASM::disable 
    } else {
        ASM::enable "/Common/MyPolicy"
    }
}

Cheers, Kai

Forum Discussion

iRule disable ASM - Check

Recent Discussions

service profile HTTP in LTM v16.1?

iRule resulting in too many redirects

Azure SAML - F5 APM

Converting config to DO

Wildcard SSL Certificate Deployment on F5 LTM

Related Content

Bypass certificate check

Temporarily Disable SNMP Traps

Disabling Ciphers

URL and IP check iRule

Disable a specific ASM Attack Signatures checks for a specific IP address.