Forum Discussion

Bob_Z_148422
Feb 02, 2017

What can I do in an iRule on a rule in an AFM policy

I have an IP forwarding VS that acts as a default gateway for my network. I also want to log the HTTP traffic that passes through that VS. I created an iRule on the HTTP rule on the AFM policy linked to the VS. I found that without an HTTP profile on the VS I can't use HTTP_REQUEST. I added a FLOW_INIT and tried to direct the traffic to another VS using 'virtual HTTPLog', but even though the event fires the redirect doesn't happen. I tried using CLIENT_ACCEPTED but that does not seem to fire.

I couldn't find anything that specifically states what you can do in an iRule linked to a Rule on an AFM policy.

Can anyone help with how to log the traffic?

1 Reply

  • Hi,

    An AFM iRule can be used like this:

    Create a Standard VS with an HTTP profile enabled, then enable this iRule to disable the HTTP profile for non-HTTP services:

    when CLIENT_ACCEPTED {
        if {[TCP::local_port] equals 80} {
            HTTP::enable
        } else {
            HTTP::disable
        }
    }
    

    Then, in the AFM rule, you can display an HTTP blocking page with an iRule:

    when HTTP_REQUEST {
        HTTP::respond 200 content {
            
            Dropped
            Your request is dropped
            
        } noserver
    }
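
Added example, not part of the reply above and not F5's own code: one way to do the logging the question asks about, assuming the Standard VS with an HTTP profile that the reply describes and an iRule attached to that VS. The log field layout, the length caps and the sanitizing step are this example's own choices.

```tcl
# Added example. Assumes a Standard VS with an HTTP profile, as in the reply.
when CLIENT_ACCEPTED {
    # Parse HTTP only on port 80; other ports pass through unparsed.
    if {[TCP::local_port] equals 80} {
        HTTP::enable
    } else {
        HTTP::disable
    }
}

when HTTP_REQUEST {
    # Host, URI and User-Agent are client-controlled. Cap their length and
    # replace control characters and double quotes so that a crafted request
    # cannot split a log line or break the quoted fields below.
    set host [string range [HTTP::host] 0 127]
    set uri  [string range [HTTP::uri] 0 511]
    set ua   [string range [HTTP::header value "User-Agent"] 0 255]
    regsub -all {[[:cntrl:]"]} $host "?" host
    regsub -all {[[:cntrl:]"]} $uri  "?" uri
    regsub -all {[[:cntrl:]"]} $ua   "?" ua

    # One line per request, key=value so it is easy to parse downstream.
    log local0.info "http_req client=[IP::client_addr] dst=[IP::local_addr]:[TCP::local_port] method=[HTTP::method] host=\"$host\" uri=\"$uri\" ua=\"$ua\""
}
```

Local `log` output is rate-limited by the system logger; for high request volumes, High Speed Logging (`HSL::open` / `HSL::send`) to a remote syslog pool is the usual alternative.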