ASM::enable

Description¶

Enables the ASM plugin for the current TCP connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.

Syntax¶

ASM::enable
ASM::enable <policy>

ASM::enable¶

Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.

ASM::enable <policy>¶

Beginning in v11.4, the policy is a required argument. Enables plugin processing on the connection. ASM will remain enabled on the current TCP connection until it is closed or ASM::disable is called.
Since HTTP_CLASS_SELECTED is not available in these versions, you can use ASM::enable and ASM::disable in HTTP_REQUEST
This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.

Note: The request will fail ASM::enable is called when the currently
matched HTTP class does not have ASM enabled. You can check if ASM is
enabled by default on the currently selected class using [HTTP::class
asm]==1.
Note: ASM::enable deprecates PLUGIN::enable ASM

Examples¶

# Disable ASM for HTTP paths ending in .jpg
when HTTP_CLASS_SELECTED {
  ASM::enable
  if { [HTTP::path] ends_with ".jpg" } {
    ASM::disable
  }
}

#Enabling an asm policy called asmb in the Common partition in v11.4.x and Later
when HTTP_REQUEST {
   ASM::enable "/Common/asmb"
}

# This example iRule disables ASM if the client IP address
# is part of an address type datagroup named bypass_asm_class.
# The bypass_asm_class datagroup must be created before this iRule is created.
# To debug the iRule, uncomment the log lines.
# The iRule is for ASM 10.0.1 or higher only
when CLIENT_ACCEPTED {

   #log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
   # Check if client IP is in the bypass_asm_class
   if {[matchclass [IP::client_addr] equals bypass_asm_class]}{

      # Set a variable to track that we'll disable ASM
      #   when a class with ASM enabled is matched
      set disable_asm 1
      #log local0. "[IP::client_addr]:[TCP::client_port]: Client matched bypass_asm_class datagroup."
   } else {
      set disable_asm 0
      #log local0. "[IP::client_addr]:[TCP::client_port]: Client did not match bypass_asm_class datagroup."
   }
}
when HTTP_CLASS_SELECTED {

   # As ASM can only be disabled in HTTP_CLASS_SELECTED,
   # check the variable set in CLIENT_ACCEPTED.
   # Also verify ASM is enabled on the matched class before trying to disable ASM
   if {[HTTP::class asm]==1}{

      #log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::class] has ASM enabled."

      if {$disable_asm==1}{
         #log local0. "[IP::client_addr]:[TCP::client_port]: Disabling ASM for this request."
         ASM::disable
      } else {
         #log local0. "[IP::client_addr]:[TCP::client_port]: Not disabling ASM for this request."
         ASM::enable
      }
   }
}

Related Information¶

Valid Events:

HTTP_CLASS_SELECTED

Introduced: BIGIP-10.0.1

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.