Forum Discussion

Rimvydas's avatar
Rimvydas
Icon for Nimbostratus rankNimbostratus
Feb 20, 2017

ASM fingerprinting with iRule

Hello,

 

Have some trouble to log fingerprints with iRule. Main goal is with iRule [ASM::fingerprint] and other info log to device unique fingerprint ID. I successfully write simple code :

 

when ASM_REQUEST_BLOCKING {
set fp [ASM::fingerprint]
set ip [IP::client_addr]
log local0. "Fingerprint is: $fp, IP: $ip"
}

And in log always showing 0. In F5 devcentral fingerprint description is: This iRules command returns the FP id if available. Returns 0 if not.

 

So what I have to do to available Fp ID?

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    Have you enabled Fingerprinting in the GUI? I believe this is a Web Scraping configuration setting. If so, do you see if this is captured in the Requests logs too?

     

  • Did you enable fingerprinting in your current active policy?

     

    Security > Application Security > Anomaly Detection > Web Scraping

     

  • As I have tested on version 13 is possible to log fingerprint ID but not for all requests. It looks like ASM need to process more requests or need some session informations. For my environment, fingerprint ID occurs after authentication process.