iRule asm:unblock on datagroup
Hello all,
I'm new to F5 and need some help. Customer wants to use "Request length exceeds defined buffer size" in blocking mode in the policy with some exceptions.
We want to do asm:unblock whenever it's a specific URL or an IP from a datagroup. Therefore I created an iRule which seems to work for both conditions since I can see in the log it was triggered. However, customer reported it was working as expected on the URL but request was blocked when it matched the datagroup but log said asm:unblock was done.
The iRule looks like this:
when ASM_REQUEST_DONE {
    if {[ASM::violation names] contains "VIOLATION_REQUEST_TOO_LONG" and [HTTP::uri] starts_with "/my/url"} {
        ASM::unblock
        log local0. "ASM unblocking [HTTP::uri] - reason Request too long"
    } elseif {[ASM::violation names] contains "VIOLATION_REQUEST_TOO_LONG" and [matchclass [IP::client_addr] equals MY_DATAGROUP_WITH_IP]} {
        ASM::unblock
        log local0. "ASM unblocking [HTTP::uri] - reason internal IP"
    }
}
Customer tested file upload on the URL trigger with a browser and it was working fine.
When customer tested the DATAGROUP trigger I saw unblock in the log but customer upload was blocked because of the violation that should have been unblocked (request length exceeds buffer size...). Upload was done with curl.
POST /myurl/Login HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: xxx.com
Accept: */*
Content-Length: 40282368
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
X-Forwarded-For: 192.168.115.53
x-xxx-external: true
x-xxx-request: egHhAHCCsxUkGsFewlu4
x-xxx-continued: egHhAHCCsxUkGsFewlu4
The upload triggered the iRule twice within 7 seconds. Could it be possible that something just went wrong during the upload? Does the iRule look correct?
Thanks for your help.
Best regards