ltm rule command ASM enable
iRule(1) BIG-IP TMSH Manual iRule(1)
ASM::enable
Enables plugin processing on the connection.
SYNOPSIS
ASM::enable ASM_POLICY
DESCRIPTION
Enables the ASM plugin processing for the current TCP connection. ASM
will remain enabled on the current TCP connection until it is closed or
ASM::disable is called.
Syntax
ASM::enable
* Enables plugin processing on the connection. ASM will remain
enabled on the current TCP connection until it is closed or
ASM::disable is called.
ASM::enable
* Beginning in v11.4, the policy is a required argument. Enables
plugin processing on the connection. ASM will remain enabled on the
current TCP connection until it is closed or ASM::disable is
called.
* Since HTTP_CLASS_SELECTED is not available in these versions, you
can use ASM::enable and ASM::disable in HTTP_REQUEST
* This requires that you have at least a minimal ASM Policy attached
to the Virtual Server for the ASM commands to become available.
Note: The request will fail ASM::enable is called when the currently
matched HTTP class does not have ASM enabled. You can check if ASM is
enabled by default on the currently selected class using [HTTP::class asm]==1.
Note: ASM::enable deprecates PLUGIN::enable ASM
RETURN VALUE
VALID DURING
HTTP_CLASS_SELECTED(up to 11.3.0), HTTP_REQUEST (11.4.0+)
EXAMPLES
# for 11.4.0+ the command should be used in HTTP_REQUEST event
when HTTP_CLASS_SELECTED {
ASM::enable
# Disable ASM for HTTP paths ending in .jpg
if { [HTTP::path] ends_with ".jpg" } {
ASM::disable
}
}
#Enabling an asm policy called asmb in the Common partition in v11.4.x and Later
when HTTP_REQUEST {
ASM::enable "/Common/asmb"
}
# This example iRule disables ASM if the client IP address
# is part of an address type datagroup named bypass_asm_class.
# The bypass_asm_class datagroup must be created before this iRule is created.
# To debug the iRule, uncomment the log lines.
# The iRule is for ASM 10.0.1 or higher only
when CLIENT_ACCEPTED {
#log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
# Check if client IP is in the bypass_asm_class
if {[matchclass [IP::client_addr] equals bypass_asm_class]}{
# Set a variable to track that we'll disable ASM
# when a class with ASM enabled is matched
set disable_asm 1
#log local0. "[IP::client_addr]:[TCP::client_port]: Client matched bypass_asm_class datagroup."
} else {
set disable_asm 0
#log local0. "[IP::client_addr]:[TCP::client_port]: Client did not match bypass_asm_class datagroup."
}
}
when HTTP_CLASS_SELECTED {
# ASM can only be disabled in HTTP_CLASS_SELECTED (HTTP_REQUEST starting from 11.4.0+ - sol14381),
# check the variable set in CLIENT_ACCEPTED.
# Also verify ASM is enabled on the matched class before trying to disable ASM
if {[HTTP::class asm]==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::class] has ASMenabled."
if {$disable_asm==1}{
#log local0. "[IP::client_addr]:[TCP::client_port]: Disabling ASM for this request."
ASM::disable
} else {
#log local0. "[IP::client_addr]:[TCP::client_port]: Not disabling ASM for this request."
ASM::enable
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-10.0.1 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)