jmgrange_337011
May 02, 2018Nimbostratus
SQL-Injection bypass and logging iRule
I am working on an iRule that will unblock traffic going to URLs in a Data Group and log when it does so. This is what I have and want to have it reviewed to make sure it is written correctly.
when ASM_REQUEST_DONE {
if { [class match [HTTP::uri] equals "DataGroup1"] } {
if { [ASM::violation attack_types] equals "ATTACK_TYPE_SQL_INJECTION"} {
ASM::unblock
log local0. "SQL-Injection bypass for [HTTP::uri] from [IP::remote_addr]"
}
} else {
More than one type of violation, too dangerous to Unblock return
}
}