Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
May 25, 2023

ASM block page for use with API waf policy

Hey all! I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the...
api
application delivery
BIG-IP Access Policy Manager (APM)
policy
  • Nikoolayy1's avatar
    Nikoolayy1
    May 25, 2023

    Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.

  • kimhenriksen's avatar
    kimhenriksen
    May 26, 2023

    Just an update from me. I found a much much simpler way to accomplish this.

    In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP

Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
May 26, 2023

Just an update from me. I found a much much simpler way to accomplish this.

In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄

  • c27705074's avatar
    c27705074
    Icon for Altostratus rankAltostratus
    Nov 13, 2023

    Hi kimhenriksen 

    I'm new to ASM and currently having the same issue, I'd like to edit the blocking response page to give the client a negative response instead of the 200K status without using iRule..  Please can you share HTML you used? Thank you in advance. 

    • kimhenriksen's avatar
      kimhenriksen
      Icon for Cirrostratus rankCirrostratus
      Nov 13, 2023

      You can accomplish that in the ASM policy settings. Let me check and get back to you. We setup up a like 599 Blocked (not http standard i know, but i works). And also added the supportid as a response header.

    • kimhenriksen's avatar
      kimhenriksen
      Icon for Cirrostratus rankCirrostratus
      Nov 13, 2023

      Choose policies list under security, there you have the list with all your asm policies. Choose the one to edit.

      1

      Scroll down to response and blocking pages. And on the right you have the block page settings. I havent edited the page itself, only the code and added the SupID: supportid-header.

      2


      SupID: <%TS.request.ID()%>

      • c27705074's avatar
        c27705074
        Icon for Altostratus rankAltostratus
        Nov 13, 2023

        Thank you kimhenriksen thats was so helpful. you're a lifesaver. I have edited the response page and waiting for the BUs to commence testing. Thank you so much.