Forum Discussion

Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Feb 17, 2022

ASM custom response page add additional information

Hi, I saw simikar question but unfortunately the answer was not clear enough, I'am using custom resoponse page for ASM deny query, inside the custom response I send the client th support ID  using...
security
  • Sebastiansierra's avatar
    Sebastiansierra
    Feb 17, 2022

    Hi,

    You need to follow the next steps:

    1. Make sure that "Trigger ASM iRule Events" option is enabled in the policy properties.
      1. Navigate to Security  ››  Application Security : Policy : Policy Properties.
      2. Change to the correct "Current edited security policy"

    Create an iRule with content similar to the following (add/delete fields as needed): 

    when HTTP_REQUEST {
    # Other HTTP values can be added here 
    set requri "http://[HTTP::host][HTTP::uri]"

    }

     when ASM_REQUEST_DONE {
             set asm_support_id [ASM::support_id]
          }

          when ASM_REQUEST_BLOCKING {
       
            HTTP::header remove Content-Length
            HTTP::header insert header_1 value_1
            set client_ip [IP::client_addr]

            set response "<html>
                            <head>
                               <title>Request Rejected</title>
                            </head>
                            <body>
                                The requested URL was rejected. Please consult with your administrator.<br><br>
                                Your support ID is: $asm_support_id<br><br><a href='javascript&colon;history.back();'>Go Back</a><br><br>
                                Your URL is: $requri<br><br>
                                Your client IP is: $client_ip

                            </body>
                        </html>"
            ASM::payload replace 0 [ASM::payload length] ""
            ASM::payload replace 0 0 $response

          }

     

    You can reference to this link: https://support.f5.com/csp/article/K22017023

  • Rafi1's avatar
    Rafi1
    Feb 22, 2022

    Hi Sebastiansierra,

    Thank you very much,

    Attached my irule for other to use 

    when HTTP_REQUEST {
    # Other HTTP values can be added here
    set requri "https://[HTTP::host][HTTP::uri]"

    }

    when ASM_REQUEST_DONE {
    set asm_support_id [ASM::support_id]
    }

    when ASM_REQUEST_BLOCKING {


    HTTP::header remove Content-Length
    HTTP::header insert header_1 value_1
    set client_ip [IP::client_addr]

    set response "<html>
    <head>
    <title>Request Rejected</title>
    </head>
    <body>
    <p>
    <img src='https://xxx.domain.zz/files/2018/01/F5_Logo_700x80.gif' border='1' alt='Organization' width='700' height='80'> ### Web page with company logo ###
    <p>

    The page was blocked for what seems to be a technical issue.<br><br>
    Please click the following link to notify ## link to notify IT Team by mail, the mail will include support is, src ip, suspicious link##
    <a href='mailto:mail@domain?subject=support ID is: $asm_support_id&body=The%20page%20was%20blocked%20for%20what%20seems%20to%20be%20a%20technical%20issue%0A%0ASuspicious URL: $requri%0ASource IP: $client_ip%0ASupport ID: $asm_support_id'();>IT Team</a><br><br><br>

    <b>Your support ID :</b> $asm_support_id<br><br>
    <b>Suspicious URL:</b> $requri<br><br>
    <b>Source IP :</b> $client_ip<br><br><br>
    Thank you<br> IT Team

    </body>
    </html>"
    ASM::payload replace 0 [ASM::payload length] ""
    ASM::payload replace 0 0 $response


    }

Sebastiansierra's avatar
Sebastiansierra
Icon for MVP rankMVP

Hi,

You need to follow the next steps:

  1. Make sure that "Trigger ASM iRule Events" option is enabled in the policy properties.
    1. Navigate to Security  ››  Application Security : Policy : Policy Properties.
    2. Change to the correct "Current edited security policy"

Create an iRule with content similar to the following (add/delete fields as needed): 

when HTTP_REQUEST {
# Other HTTP values can be added here 
set requri "http://[HTTP::host][HTTP::uri]"

}

 when ASM_REQUEST_DONE {
         set asm_support_id [ASM::support_id]
      }

      when ASM_REQUEST_BLOCKING {
   
        HTTP::header remove Content-Length
        HTTP::header insert header_1 value_1
        set client_ip [IP::client_addr]

        set response "<html>
                        <head>
                           <title>Request Rejected</title>
                        </head>
                        <body>
                            The requested URL was rejected. Please consult with your administrator.<br><br>
                            Your support ID is: $asm_support_id<br><br><a href='javascript&colon;history.back();'>Go Back</a><br><br>
                            Your URL is: $requri<br><br>
                            Your client IP is: $client_ip

                        </body>
                    </html>"
        ASM::payload replace 0 [ASM::payload length] ""
        ASM::payload replace 0 0 $response

      }

 

You can reference to this link: https://support.f5.com/csp/article/K22017023

Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Feb 20, 2022

Hi,

Thank you for your response,

I tried to configured it from GUI security->application security-> security policies-> policy list-><policy name>->response page

So irule is the only way ?

Regards

Rafi