ASM::enable¶
Description¶
Enables the ASM plugin for the current TCP connection. ASM will remain
enabled on the current TCP connection until it is closed or
ASM::disable is called.
Syntax¶
ASM::enable
ASM::enable <policy>
ASM::enable¶
- Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.
ASM::enable <policy>¶
- Beginning in v11.4, the policy is a required argument. Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.
- Since HTTP_CLASS_SELECTED is not available in these versions, you can use ASM::enable and ASM::disable in HTTP_REQUEST
- This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.
Note: The request will fail ASM::enable is called when the currently
matched HTTP class does not have ASM enabled. You can check if ASM is
enabled by default on the currently selected class using [HTTP::class
asm]==1.
Note: ASM::enable deprecates PLUGIN::enable ASM
Examples¶
# Disable ASM for HTTP paths ending in .jpg
when HTTP_CLASS_SELECTED {
ASM::enable
if { [HTTP::path] ends_with ".jpg" } {
ASM::disable
}
}
#Enabling an asm policy called asmb in the Common partition in v11.4.x and Later
when HTTP_REQUEST {
ASM::enable "/Common/asmb"
}
# This example iRule disables ASM if the client IP address
# is part of an address type datagroup named bypass_asm_class.
# The bypass_asm_class datagroup must be created before this iRule is created.
# To debug the iRule, uncomment the log lines.
# The iRule is for ASM 10.0.1 or higher only
when CLIENT_ACCEPTED {
#log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
# Check if client IP is in the bypass_asm_class
if {[matchclass [IP::client_addr] equals bypass_asm_class]}{
# Set a variable to track that we'll disable ASM
# when a class with ASM enabled is matched
set disable_asm 1
#log local0. "[IP::client_addr]:[TCP::client_port]: Client matched bypass_asm_class datagroup."
} else {
set disable_asm 0
#log local0. "[IP::client_addr]:[TCP::client_port]: Client did not match bypass_asm_class datagroup."
}
}
when HTTP_CLASS_SELECTED {
# As ASM can only be disabled in HTTP_CLASS_SELECTED,
# check the variable set in CLIENT_ACCEPTED.
# Also verify ASM is enabled on the matched class before trying to disable ASM
if {[HTTP::class asm]==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::class] has ASM enabled."
if {$disable_asm==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: Disabling ASM for this request."
ASM::disable
} else {
#log local0. "[IP::client_addr]:[TCP::client_port]: Not disabling ASM for this request."
ASM::enable
}
}
}