Forum Discussion

JimT's avatar
JimT
Icon for Nimbostratus rankNimbostratus
Jun 24, 2016

Enable ASM policy based on pool selection in iRule

Hi,

Hope someone can point me in the right direction:

We have a virtual server with a default ASM policy assigned to it. When clients connect we want to set the ASM policy based on which pool you are assigned to using a datagroup. In the logs we see that the iRule is fired and the correct ASM policy is set, but then being "ovrewritten" by the default ASM policy.

when HTTP_REQUEST {
 Skip the leading partition name from the pool name:
set pool [getfield [LB::server pool] "/" 3]
set asm_policy [class lookup ${pool} map_pool_to_asm_policy]
if { $asm_policy ne "" } {
    ASM::enable "/Common/$asm_policy
   }
}

Thanks

application delivery
ASM Advanced WAF
iRules

2 Replies

Sort By
  • Tikka_Nagi_1315's avatar
    Tikka_Nagi_1315
    Historic F5 Account
    Jun 29, 2016

    If I understood correctly what you are trying to achieve I think you need an iRule that will disable ASM for each HTTP request in HTTP_REQUEST and then selectively dis/enable ASM if LB has already taken place for a previous request on this connection. In LB_SELECTED selectively dis/enable ASM for the first request on any connection. The following iRule probably won't work as is but intended to be a pointer:

      when HTTP_REQUEST {
  if { [LB::server addr] ne "" } {
     Skip the leading partition name from the pool name:
    set pool [getfield [LB::server pool] "/" 3]
    set asm_policy [class lookup ${pool} map_pool_to_asm_policy]
    if { $asm_policy ne "" } {
    ASM::enable "/Common/$asm_policy"
    }

  } else {
    log local0. "New HTTP_REQUEST with no LB, disabling ASM so LB_SELECTED will always fire"
    ASM::disable
  }
}

when LB_SELECTED {
  if { [LB::server addr] eq [getfield [LB::server pool] "/" 3] } {
    log local0. "LB selected set [LB::server addr] - disabling ASM"
    ASM::disable
  } else {
    log local0. "LB selected set [LB::server addr] - enabling ASM"
    ASM::enable "/Common/$asm_policy"
  }
}
    • JimT's avatar
      JimT
      Icon for Nimbostratus rankNimbostratus
      Jun 29, 2016
      Hi nagi and thanks for your answer. Will try this and reply as soon testing is done.