Forum Discussion
hooleylist
Jan 04, 2011Cirrostratus
Another option is to use an iRule to sanitize requests to the blocking page when the blocking page is hosted behind an ASM policy. Here's a version I did for 9.x. You could update it for 10.x relatively easily by changing the global variables to the static namespace, change the headers_to_preserve list to a datagroup and change the setting of $asm_bypass to ASM::enable/ASM::disable.
Here are some related links:
http://devcentral.f5.com/wiki/default.aspx/iRules/Asm_sanitize_blocking_page_requests.html
http://devcentral.f5.com/wiki/default.aspx/iRules/static
http://devcentral.f5.com/wiki/default.aspx/iRules/class
http://devcentral.f5.com/wiki/default.aspx/iRules/asm__enable
But actually, I think your method of using HTTP::respond on violations to the blocking URI makes very good sense. The nice part is that you don't deal with sanitizing the requests or bypassing ASM. The only downside I can think of is that you're having to host application content within LTM.
Aaron