Enabling ASM profile from iRule fails
Hi everyone!
I´m currently loadbalancing several hosts through the same VIP and I´d like to enable a different ASM profile for each service. To do so I´m trying to use an iRule like this:
when HTTP_REQUEST {
set serviceName [string tolower [getfield [HTTP::host] "." 1]]
set targetPoolName "pool_autosp_$serviceName"
set targetASMProfile "/Common/asm_$serviceName"
if { [class match $serviceName equals class_autoSPServiceList] } {
pool $targetPoolName
ASM::enable $targetASMProfile
}
}
I´m trying to test it out with with a service named demoasm, so the string "demoasm" is added to class_autoSPServiceList, and there is a pool named pool_autosp_demoasm, and an ASM profile named asm_demoasm. Nevertheless, when I try it, I get an entry in the ASM log like this:
ASM bad request: event code I4331 Request has an unknown HTTP selector: /Common/asm_demoasm
I would expect this behaviour, as pointed out in K12210419 , if the ASM profile was non existent or if I missed the partition, which is not the case: I´m 100% certain the name is right and the ASM profile exists.
Am I missing something obvious, maybe the ASM profile must have an existing autogenerated LTM security profile tied to it before applying it or something on that line?
Thanks,
Pablo
Thanks for replying, what is your current BIGIP version?
Do you happen to see this message in /var/log/ts/bd.log as well?
did not receive account configuration after 600 seconds
If you see this you the cause might be BUG ID850673
Also, is the policy name shown as expected in bigip.conf file? Does this only happen on test policy or is it the same for all names? Since you said this is a test policy, have you tried deleting it and creating a new one?