amolari
Jan 29, 2015

asm 11.5.1 iRule - customized response page per webapp

I have the following iRule:

when RULE_INIT {
  set asm_redirect 0
}


when ASM_REQUEST_DONE { 
  set asm_redirect 0
  if { [HTTP::uri] starts_with "/abcweb" } { 
    if { not ([ASM::status] equals "clear") } { 
        log local0. "abcweb - URI - [HTTP::uri]" 
        log local0. "abcweb - ASM_STATUS: [ASM::status]" 
        if { [virtual] ends_with "_https" } { 
          set protocol "https" 
        } else { 
          set protocol "http" 
        } 
        log local0. "abcweb - virtual = [virtual]" 
        log local0. "abcweb - policy active - [POLICY::names active]" 
        set asm_redirect 1
        set asm_support_id [ASM::support_id] 
        set host [HTTP::host] 
        set path [URI::path [HTTP::uri] 1 1] 
    } 
  } 
} 

when HTTP_RESPONSE_RELEASE { 
    if { $asm_redirect equals 1 } { 
        HTTP::respond 302 Location "${protocol}://${host}${path}error?supportid=$asm_support_id" 
        log local0. "abcweb - redirection - ${protocol}://${host}${path}error?supportid=$asm_support_id" 
        set asm_redirect 0 
    } 
}

Producing (troubleshooting) logs with expected results:

tmm[15434]: Rule /Common/irule_i_abc_basic : abcweb - URI - /abcweb/api/search
tmm[15434]: Rule /Common/irule_i_abc_basic : abcweb - ASM_STATUS: alarmed
tmm[15434]: Rule /Common/irule_i_abc_basic : abcweb - virtual = /Common/virtual_abc-dev.company.com_http
tmm[15434]: Rule /Common/irule_i_abc_basic : abcweb - policy active - /Common/asm_i_abc
tmm[15434]: Rule /Common/irule_i_abc_basic : abcweb - redirection - http://abc-dev.company.com/abcweb/error?supportid=3147450500928828533

But the client doesn't receive the 302. What is wrong in the iRule logic here?

Thanks

Alex

4 Replies

  • nathe

    Alex,

    The HTTP::respond command isn't allowed for the HTTP_RESPONSE_RELEASE event. See HTTP-RESPONSE-RELEASE:

    Most HTTP commands should work in this event. The following commands are disallowed for HTTP_RESPONSE_RELEASE:
    
    HTTP::collect
    HTTP::fallback
    HTTP::path
    HTTP::payload
    HTTP::redirect
    HTTP::release
    HTTP::respond
    HTTP::retry
    HTTP::uri
    

    Can you use HTTP_RESPONSE instead?

    N
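The restriction quoted in the reply above can be checked statically before an iRule is deployed. The following is an added example, not code from the thread or from F5: a small Python scan that walks each `when EVENT { ... }` block and flags commands from the quoted list. The function names and the sample iRule are constructed for illustration, and only the HTTP_RESPONSE_RELEASE list given on this page is encoded.

```python
import re

# Commands the reply above lists as disallowed in HTTP_RESPONSE_RELEASE.
DISALLOWED = {
    "HTTP_RESPONSE_RELEASE": {
        "HTTP::collect", "HTTP::fallback", "HTTP::path", "HTTP::payload",
        "HTTP::redirect", "HTTP::release", "HTTP::respond", "HTTP::retry",
        "HTTP::uri",
    },
}

def event_bodies(irule):
    """Yield (event, body, first_line) per `when EVENT { ... }` block.
    Assumes balanced braces, which holds for ${var} inside strings."""
    for m in re.finditer(r"\bwhen\s+(\w+)\s*\{", irule):
        depth, i = 1, m.end()
        while i < len(irule) and depth:
            depth += {"{": 1, "}": -1}.get(irule[i], 0)
            i += 1
        yield m.group(1), irule[m.end():i - 1], irule.count("\n", 0, m.end()) + 1

def find_violations(irule):
    """Return [(line, event, command)] for disallowed commands in command
    position: start of line, or after '[', ';' or '{'. Comments are skipped."""
    hits = []
    for event, body, first in event_bodies(irule):
        banned = DISALLOWED.get(event, set())
        for offset, line in enumerate(body.split("\n")):
            code = line.strip()
            if not banned or code.startswith("#"):
                continue
            for cmd in re.findall(r"(?:^|[\[;{])\s*([A-Z]+::\w+)", code):
                if cmd in banned:
                    hits.append((first + offset, event, cmd))
    return hits

# Constructed sample, shortened from the iRule in the question.
SAMPLE = '''when ASM_REQUEST_DONE {
  set asm_redirect 1
  set host [HTTP::host]
  set path [URI::path [HTTP::uri] 1 1]
}
when HTTP_RESPONSE_RELEASE {
  if { $asm_redirect equals 1 } {
    # HTTP::redirect would be rejected here too
    HTTP::respond 302 Location "http://${host}${path}error"
    log local0. "redirected [HTTP::host]"
  }
}
'''

if __name__ == "__main__":
    for line, event, cmd in find_violations(SAMPLE):
        print(f"line {line}: {cmd} is not allowed in {event}")
```

Command substitutions inside quoted strings, such as `[HTTP::uri]` in a `log` line, are flagged as well, because Tcl evaluates them.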

  • Hi Nathan,

    Changed to HTTP_RESPONSE... unfortunately with the same result. Any idea?

    Thanks

    Alex

  • nathe

    Hi Alex, what do you see with a packet capture, or on the client using Fiddler/HttpWatch/HttpFox?

    Also, could you try HTTP::redirect instead of HTTP::respond? HTTP::redirect sends a 302 as well so you'd just need:

    HTTP::redirect "${protocol}://${host}${path}error?supportid=$asm_support_id"

    See if that helps,

    N

  • Hi Nathan,

    With HTTP::redirect it works, but not in all cases:

    • if the ASM blocking is triggered by the GET URL (which contains the data that triggers the alarm), it's working
    • if the ASM blocking is triggered by data in POST, the redirect doesn't work

    Alex