bypassing ASM from specific source IP

Question

Hello guys&nbsp;What is the alternative irule for this:https://clouddocs.f5.com/api/irules/ASM__disable.html&nbsp;The HTTP_CLASS_SELECTED is not recognized anymore in newer versions&nbsp;I know it is possible to configure this via regular policy but for this specific situation I prefer irule&nbsp;

keesvandenbos · Answer

Hi,&nbsp;Why do you prefer an irule??&nbsp;Cheers,&nbsp;Kees

abed_al-r · Answer

Not up to my choice Its shared management environment and its a customer decisionI totally know that whenever there is a chance to solve a problem with a policy, it is the preferred way.Anyhow, this irule solved the problem:when CLIENT_ACCEPTED {
   set allowed 0
   if { [class match [IP::client_addr] equals bypass_asm_class]  } {
      set allowed 1
   }
}
&nbsp;
when HTTP_REQUEST {
   if { $allowed } {
       #log local0.  "This client IP: [IP::client_addr] is allowed to bypass ASM"
       ASM::disable
   } else {
      ASM::enable /partition/asmpolcy
   }
}

keesvandenbos · Answer

Ok. And no policy is attached to the virtual server??Because that could cause issues. https://support.f5.com/csp/article/K18101546

abed_al-r · Answer

no, no policy attachedthanks for clarification

Forum Discussion

bypassing ASM from specific source IP

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

find specific SNMP OID

MSM Bypass

F5 AWAF - bypass request based on the pressence of a request header - value

Apple's New Rule & Google PlayStore Bypass -July 29th-4th Aug, 2023 - F5 SIRT-This Week in Security