ltm rule command ASM disable
iRule(1) BIG-IP TMSH Manual iRule(1)
ASM::disable
Disables plugin processing on the connection.
SYNOPSIS
ASM::disable
DESCRIPTION
Disables the ASM plugin processing for the current TCP connection. ASM
will remain disabled on the current TCP connection until it is closed
or ASM::enable is called.
Syntax
ASM::disable
* Disables plugin processing for the duration of the TCP connection
or until ASM::enable is called.
Note: ASM::disable deprecates PLUGIN::disable ASM
RETURN VALUE
VALID DURING
HTTP_CLASS_SELECTED(up to 11.3.0), HTTP_REQUEST (11.4.0+)
EXAMPLES
# for 11.4.0+ the command should be used in HTTP_REQUEST event
when HTTP_CLASS_SELECTED {
ASM::enable
# Disable ASM for HTTP paths ending in .jpg
if { [HTTP::path] ends_with ".jpg" } {
ASM::disable
}
}
# This example iRule disables ASM if the client IP address
# is part of an address type datagroup named bypass_asm_class.
# The bypass_asm_class datagroup must be created before this iRule is created.
# To debug the iRule, uncomment the log lines.
# The iRule is for ASM 10.0.1 or higher only
when CLIENT_ACCEPTED {
#log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
# Check if client IP is in the bypass_asm_class
if {[matchclass [IP::client_addr] equals bypass_asm_class]}{
# Set a variable to track that we'll disable ASM
# when a class with ASM enabled is matched
set disable_asm 1
#log local0. "[IP::client_addr]:[TCP::client_port]: Client matched bypass_asm_class datagroup."
} else {
set disable_asm 0
#log local0. "[IP::client_addr]:[TCP::client_port]: Client did not match bypass_asm_class datagroup."
}
}
when HTTP_CLASS_SELECTED {
# As ASM can only be enabled/disabled in HTTP_CLASS_SELECTED (HTTP_REQUEST starting from 11.4.0+ - sol14381),
# check the variable set in CLIENT_ACCEPTED.
# Also verify ASM is enabled on the matched class before trying to disable ASM
if {[HTTP::class asm]==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::class] has ASMenabled."
if {$disable_asm==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: Disabling ASM for this request."
ASM::disable
} else {
#log local0. "[IP::client_addr]:[TCP::client_port]: Not disabling ASM for this request."
ASM::enable
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-10.0.1 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)