Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

pinkzeppelin's avatar
pinkzeppelin
Icon for Altostratus rankAltostratus
3 years ago
Solved

Adding date and time to ASM response pages

Hi, How can we add exact date and time when blocking occurs to ASM response pages?  Thanks.
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    3 years ago

    Hi pinkzeppelin,

    this iRule should do:

     

    when ASM_REQUEST_DONE {
   set asm_support_id [ASM::support_id]
}

when ASM_REQUEST_BLOCKING {
   
   HTTP::header remove Content-Length
   HTTP::header insert header_1 value_1

   set response "<html>
                     <head>
                        <title>Request Rejected</title>
                     </head>
                     <body>
                        The requested URL was rejected. Please consult with your administrator.<br><br>
                        The current time and date is: [clock format [clock seconds] -format {%H:%M:%S}], [clock format [clock seconds] -format {%d/%m/%Y}]<br><br>
                        Your support ID is: $asm_support_id<br><br><a href='javascript&colon;history.back();'>Go Back</a><br><br>


                     </body>
                  </html>"
   ASM::payload replace 0 [ASM::payload length] ""
   ASM::payload replace 0 0 $response
}

     

    Make sure to enable Trigger ASM iRule Events in your ASM security policy.
    For further reading check:
    K22017023: Configuring a custom Blocking Response Page using an iRule and
    tcl man page - Time and Date - clock 

    KR
    Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
3 years ago

Hi pinkzeppelin,

this iRule should do:

 

when ASM_REQUEST_DONE {
   set asm_support_id [ASM::support_id]
}

when ASM_REQUEST_BLOCKING {
   
   HTTP::header remove Content-Length
   HTTP::header insert header_1 value_1

   set response "<html>
                     <head>
                        <title>Request Rejected</title>
                     </head>
                     <body>
                        The requested URL was rejected. Please consult with your administrator.<br><br>
                        The current time and date is: [clock format [clock seconds] -format {%H:%M:%S}], [clock format [clock seconds] -format {%d/%m/%Y}]<br><br>
                        Your support ID is: $asm_support_id<br><br><a href='javascript&colon;history.back();'>Go Back</a><br><br>


                     </body>
                  </html>"
   ASM::payload replace 0 [ASM::payload length] ""
   ASM::payload replace 0 0 $response
}

 

Make sure to enable Trigger ASM iRule Events in your ASM security policy.
For further reading check:
K22017023: Configuring a custom Blocking Response Page using an iRule and
tcl man page - Time and Date - clock 

KR
Daniel

e06137f's avatar
e06137f
Icon for Nimbostratus rankNimbostratus
2 years ago

Hi Daniel_Wolf 

As a newcomer to iRule, I'm currently facing a similar issue. I'm seeking guidnace on customizing the blocking response page to send a negative response to clients, rather than the typical 200 OK. In the above iRule example, how do I implement it to show clients a 403 or 503 error code instead?

Also, Does require to empty the default blocking response page setting if iRule is implemented?

Thank you in advance. 

    • e06137f's avatar
      e06137f
      Icon for Nimbostratus rankNimbostratus
      2 years ago

      Hi Daniel_Wolf 

      Thank you for the detailed explanation. I followed the article closly, and it workds perfectly. I appreciate your prompt response and assistance. If you have any recommedations for further learning on iRules please me know. Thank you.