Forum Discussion
Adding date and time to ASM response pages
- Apr 14, 2023
Hi pinkzeppelin,
this iRule should do:
when ASM_REQUEST_DONE { set asm_support_id [ASM::support_id] } when ASM_REQUEST_BLOCKING { HTTP::header remove Content-Length HTTP::header insert header_1 value_1 set response "<html> <head> <title>Request Rejected</title> </head> <body> The requested URL was rejected. Please consult with your administrator.<br><br> The current time and date is: [clock format [clock seconds] -format {%H:%M:%S}], [clock format [clock seconds] -format {%d/%m/%Y}]<br><br> Your support ID is: $asm_support_id<br><br><a href='javascript:history.back();'>Go Back</a><br><br> </body> </html>" ASM::payload replace 0 [ASM::payload length] "" ASM::payload replace 0 0 $response }
Make sure to enable Trigger ASM iRule Events in your ASM security policy.
For further reading check:
K22017023: Configuring a custom Blocking Response Page using an iRule and
tcl man page - Time and Date - clockKR
Daniel
Hi pinkzeppelin,
this iRule should do:
when ASM_REQUEST_DONE {
set asm_support_id [ASM::support_id]
}
when ASM_REQUEST_BLOCKING {
HTTP::header remove Content-Length
HTTP::header insert header_1 value_1
set response "<html>
<head>
<title>Request Rejected</title>
</head>
<body>
The requested URL was rejected. Please consult with your administrator.<br><br>
The current time and date is: [clock format [clock seconds] -format {%H:%M:%S}], [clock format [clock seconds] -format {%d/%m/%Y}]<br><br>
Your support ID is: $asm_support_id<br><br><a href='javascript:history.back();'>Go Back</a><br><br>
</body>
</html>"
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 $response
}
Make sure to enable Trigger ASM iRule Events in your ASM security policy.
For further reading check:
K22017023: Configuring a custom Blocking Response Page using an iRule and
tcl man page - Time and Date - clock
KR
Daniel
Hi Daniel_Wolf
As a newcomer to iRule, I'm currently facing a similar issue. I'm seeking guidnace on customizing the blocking response page to send a negative response to clients, rather than the typical 200 OK. In the above iRule example, how do I implement it to show clients a 403 or 503 error code instead?
Also, Does require to empty the default blocking response page setting if iRule is implemented?
Thank you in advance.
- Daniel_WolfNov 16, 2023MVP
Hi e06137f,
that's fairly easy. No need to mess around with iRule in order to change the HTTP response code - follow this knowledge base article K35004154: Change the default 200 OK http response code from the ASM blocking page to 503.
However, I do recommend to keep the 200 for the reason that an attacker might use them for fingerprinting or recon. 503 repsonses stay out rather than 200s.KR
Daniel- e06137fNov 17, 2023Nimbostratus
Hi Daniel_Wolf
Thank you for the detailed explanation. I followed the article closly, and it workds perfectly. I appreciate your prompt response and assistance. If you have any recommedations for further learning on iRules please me know. Thank you.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com