Hi Sinistrad,
your iRule looks fine for me. The only thing I would strongly recommend to change is:
After disabling ASM for a given Request-URI, you should make sure that ASM gets re-enabled for subsequent HTTP-Request send over the same TCP-Connection. If you don't re-enable ASM a skilled attacker may get notice of this bypass, request the bypassed URI and rigth after send abritary exploit code to other URIs over the same TCP connection without having the inspection of ASM in place...
when HTTP_REQUEST {
if { ( [HTTP::host] equals "test.com" )
and ( [HTTP::path] equals "/Modules/CommentsandChanges/MyHoldManagement.aspx" ) } then {
ASM::disable
} else {
ASM::enable "/Common/MyPolicy"
}
}
Cheers, Kai