Forum Discussion
kimhenriksen
Cirrostratus
CirrostratusASM block page for use with API waf policy
Hey all! I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the...
Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.
Just an update from me. I found a much much simpler way to accomplish this.
In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄
kimhenriksenCirrostratus
CirrostratusI did this first:
when ASM_REQUEST_VIOLATION {
set support_id [ASM::support_id]
#log local0. $support_id
HTTP::header insert ASM $support_id
}
when HTTP_RESPONSE {
#log local0. $support_id
HTTP::header insert ASM $support_id
#HTTP::header insert ASM2 testtest
}
But.. there´s no header receieved on the client end..
- Nikoolayy1
MVP
Did you check what I mentioned ?
Not when ASM_REQUEST_VIOLATION but ASM_REQUEST_DONE and the irule trigger should be enabled under the ASM policy and set to Normal mode not Compatible.
- kimhenriksen
I´ll change the event and try again.
I had already changed the irule setting before so events are triggering ok.
- Nikoolayy1
Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.