ltm rule command ASM unblock
iRule(1) BIG-IP TMSH Manual iRule(1)
ASM::unblock
Overrides the blocking action for a request that had blocking
violation.
SYNOPSIS
ASM::unblock
DESCRIPTION
Overrides the blocking action for a request that had blocking
violations. Consequently, the request will be forwarded to the origin
server and also marked with a special "unblocked" flag which can be
viewed in the request log. If the present request was not supposed to
be blocked then the command has no effect.
Syntax
ASM::unblock
* Notes
+ Violations from an unblocked request will not be learned for
policy modification, neither manually nor automatically.
+ The command applies to requests only. It is not possible to
unblock a response in which violations were found.
+ The command does not apply to requests that are part of
attacks such as Web Scraping or Brute Force login attacks.
+ An unblocked request will not be sent to Antivirus scanner.
+ The command takes effect even if it is followed by
ASM::raise command with a blocking violation.
RETURN VALUE
VALID DURING
ASM_REQUEST_DONE, ASM_REQUEST_VIOLATION
EXAMPLES
when ASM_REQUEST_DONE {
set i 0
foreach {viol} [ASM::violation names]{
if {$viol eq VIOLATION_ILLEGAL_PARAMETER} {
set details [lindex [ASM::violation details] $i]
set param_name [b64decode [llookup $details "param_data.param_name"]]
#remove the bad parameter from the QS - does not work right in all cases, just for illustration!
regsub -all "\?.*($param_name=^\&*)" [HTTP::uri] "?" $new_uri
HTTP::uri $new_uri
ASM::unblock
}
set i [expr {$i+1}]
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.5.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)