Forum Discussion

oedo808_68685's avatar
oedo808_68685
Icon for Altostratus rankAltostratus
Aug 31, 2016

How do I temporarily disable all ASM policies?

Hello, I'm the application security person and I have triggered a bug which has caused my transparent policies to block all requests in our pre-production environment. There are over 100 policies and deactivating each one while I wait for support seems to be an inefficient way of doing things. How can I disable the ASM module so that testing can continue while I wait for support to get back to me?

 

3 Replies

  • I would write an iRule disabling the ASM, then do TMSH script to apply/remove this iRule from all virtual servers. Maybe you could deprovision the ASM module itself, then all policies should be removed and when you reprovision the ASM all policies should be back, but the you could not debug anything.

     

  • Hi, The below link can help https://devcentral.f5.com/questions/disable-asm-module-within-irule

     

    or if you want to bypass https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14709.html

     

    cheers

     

  • I think you can also use "

    bypass_upon_asm_down
    " system variable under Advnaced Configuration of ASM. Change the variable value from 0 to 1.

    Here is the document for the same. https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15093.html

    Then you can stop the ASM from CLI.

    bigstart stop asm

    If you have F5 in HA pair. Follow this exercise on Standby unit first, and failover to the Standby unit by making it active.

    Hope this helps.

    Regards, Darshan