F5 BigIP LTM – iRule Unblock Violation Name
In the event you need to unblock a triggered ASM block event within F5’s BigIP LTM/ASM appliances, the following iRule may be of use. The one shown below specifically unblocks illegal redirection attempts that match a URI partial string.
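
    when ASM_REQUEST_DONE {
        # Match only when the redirect violation fired AND the lower-cased URI
        # contains one of the listed partial strings. HTTP::uri includes the
        # query string, so a match can come from a parameter value as well.
        if { ([ASM::violation names] contains "VIOL_REDIRECT") and
             (([string tolower [HTTP::uri]] contains "/string1/") ||
              ([string tolower [HTTP::uri]] contains "/xyz-location/") ||
              ([string tolower [HTTP::uri]] contains "/abc/")) } {
            # Override ASM's blocking decision for this request
            ASM::unblock
            log local0. "ASM unblocking [HTTP::uri] - (XYZ Manual iRule Unblock)"
        }
    }
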
Additional Violation Names can be found under: Security -> Options -> Application Security -> Advanced Configuration -> Violations List -> Built-In Violations. You must use the internal ASM Violation Name in the iRule, not the friendly name shown in the event logs or the rest of the GUI.
The above is tested/working within F5 BigIP LTM VE v15.0.1.
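
A narrower variant of the iRule above, added here as an example (not the author's code and not covered by the version note above): it unblocks only when VIOL_REDIRECT is the sole violation on the request, and it matches on HTTP::path instead of the full URI. It assumes ASM::violation names returns a Tcl list with one element per violation and that the three placeholder strings are path prefixes.

```tcl
when ASM_REQUEST_DONE {
    # All violations ASM raised for this request (internal names).
    # Assumption: returned as a Tcl list, one element per violation.
    set viols [ASM::violation names]

    # Assumption: the placeholder strings from the iRule above are path
    # prefixes; replace them with the locations that need the exception.
    set allowed_prefixes [list "/string1/" "/xyz-location/" "/abc/"]

    # Act only when the redirect violation is the ONLY violation, so a
    # request that also raised any other violation stays blocked.
    if { ([llength $viols] == 1) and ([lindex $viols 0] equals "VIOL_REDIRECT") } {
        # HTTP::path excludes the query string, so text in a parameter
        # value cannot satisfy the match.
        set path [string tolower [HTTP::path]]
        foreach prefix $allowed_prefixes {
            if { $path starts_with $prefix } {
                ASM::unblock
                log local0. "ASM unblocking VIOL_REDIRECT for path $path - (XYZ Manual iRule Unblock)"
                break
            }
        }
    }
}
```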