ASM::enable

Description

Enables the ASM plugin for the current TCP connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.

Syntax

ASM::enable
ASM::enable <policy>

ASM::enable

  • Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.

ASM::enable <policy>

  • Beginning in v11.4, the policy is a required argument. Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.
  • Since HTTP_CLASS_SELECTED is not available in these versions, you can use ASM::enable and ASM::disable in HTTP_REQUEST
  • This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.

Note: The request will fail ASM::enable is called when the currently matched HTTP class does not have ASM enabled. You can check if ASM is enabled by default on the currently selected class using [HTTP::class asm]==1.
Note: ASM::enable deprecates PLUGIN::enable ASM

Examples

# Disable ASM for HTTP paths ending in .jpg
when HTTP_CLASS_SELECTED {
  ASM::enable
  if { [HTTP::path] ends_with ".jpg" } {
    ASM::disable
  }
}

#Enabling an asm policy called asmb in the Common partition in v11.4.x and Later
when HTTP_REQUEST {
   ASM::enable "/Common/asmb"
}

# This example iRule disables ASM if the client IP address
# is part of an address type datagroup named bypass_asm_class.
# The bypass_asm_class datagroup must be created before this iRule is created.
# To debug the iRule, uncomment the log lines.
# The iRule is for ASM 10.0.1 or higher only
when CLIENT_ACCEPTED {

   #log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
   # Check if client IP is in the bypass_asm_class
   if {[matchclass [IP::client_addr] equals bypass_asm_class]}{

      # Set a variable to track that we'll disable ASM
      #   when a class with ASM enabled is matched
      set disable_asm 1
      #log local0. "[IP::client_addr]:[TCP::client_port]: Client matched bypass_asm_class datagroup."
   } else {
      set disable_asm 0
      #log local0. "[IP::client_addr]:[TCP::client_port]: Client did not match bypass_asm_class datagroup."
   }
}
when HTTP_CLASS_SELECTED {

   # As ASM can only be disabled in HTTP_CLASS_SELECTED,
   # check the variable set in CLIENT_ACCEPTED.
   # Also verify ASM is enabled on the matched class before trying to disable ASM
   if {[HTTP::class asm]==1}{

      #log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::class] has ASM enabled."

      if {$disable_asm==1}{
         #log local0. "[IP::client_addr]:[TCP::client_port]: Disabling ASM for this request."
         ASM::disable
      } else {
         #log local0. "[IP::client_addr]:[TCP::client_port]: Not disabling ASM for this request."
         ASM::enable
      }
   }
}