Forum Discussion
samstep
Dec 02, 2015Cirrocumulus
You can achieve this with a simple iRule.
First you need to set up a pool which has a pool member which is the destination (IP address and port) where you need to send the malicious traffic.
If you are not going to display a blocking page then you can keep your violations on "Alarm" instead of "Block". Then use an iRule like this one:
when ASM_REQUEST_DONE
{
if { [ASM::status] equals "alarmed" } {
log local0.debug "Request: [HTTP::method] [HTTP::uri] raised ASM violations and was sent to malicious traffic pool"
send traffic to malicious traffic pool
pool malicious_traffic_destination_pool
}
}
Hope this helps,
Sam