Vivek_Padale_16
Jul 26, 2014Nimbostratus
iRule for ASM
Is there any iRule for allowing SQL injection and XML tagging in ASM for a specific url
Hi Vivek, you mean unblock ?
Sorry about that my response was not quiet so clear. here is the correct irule if you want to unblock SQL injection on you page, try to respect line feed (not easy with copy and past) and you need to activate in the ASM policy, advance menu, the option called "Trigger ASM iRule Events" otherwise the event ASM_REQUEST_DONE will never match.
To be clear this irule is unbloking ASM when SQL Injection is detected (and only this violation that is why you have a <2) on your uri /myblock.
when ASM_REQUEST_DONE {
if { [HTTP::uri] equals "/myblock" && [ASM::violation count] < 2 } {
if { [ASM::violation attack_types] equals "ATTACK_TYPE_SQL_INJECTION"} {
ASM::unblock
}
} else {
More than one violation, too dangerous to Unblock return
}
}