Forum Discussion
3 Replies
- Tzoori_Tamam_95Historic F5 Account
Hi, Check out this article:
You can use HTTP::redirect instead of ASM::unblock in this case, or together with it. I'm sure you can play around with this example to achieve what you're trying to do.
/tt
- samstepCirrocumulus
You can achieve this with a simple iRule.
First you need to set up a pool which has a pool member which is the destination (IP address and port) where you need to send the malicious traffic.
If you are not going to display a blocking page then you can keep your violations on "Alarm" instead of "Block". Then use an iRule like this one:
when ASM_REQUEST_DONE { if { [ASM::status] equals "alarmed" } { log local0.debug "Request: [HTTP::method] [HTTP::uri] raised ASM violations and was sent to malicious traffic pool" send traffic to malicious traffic pool pool malicious_traffic_destination_pool } }
Hope this helps,
Sam
Hi Aelkosairy,
The answer to your question strongly depends on your detailed scenario. If you need a rather static HTML-Errorpage or a static HTTP-Redirect than you could simply configure the "Blocking Page/Redirect" settings within the ASM GUI. If you need some sort of dynamic HTML-Responses / HTTP-Redirects then you have to use additional iRules to overwrite the GUI based "ASM Blocking Page/Redirects".
At first try to use the GUI based settings. If those settings are not suitable for your objectives, then elaborate some additional details on the logic you want to setup, so that we can push you in the right direction.
Cheers, Kai