Forum Discussion

Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Feb 17, 2022
Solved

ASM custom response page add additional information

Hi, I saw simikar question but unfortunately the answer was not clear enough, I'am using custom resoponse page for ASM deny query, inside the custom response I send the client th support ID  using...
security
  • Sebastiansierra's avatar
    Sebastiansierra
    Feb 17, 2022

    Hi,

    You need to follow the next steps:

    1. Make sure that "Trigger ASM iRule Events" option is enabled in the policy properties.
      1. Navigate to Security  ››  Application Security : Policy : Policy Properties.
      2. Change to the correct "Current edited security policy"

    Create an iRule with content similar to the following (add/delete fields as needed): 

    when HTTP_REQUEST {
    # Other HTTP values can be added here 
    set requri "http://[HTTP::host][HTTP::uri]"

    }

     when ASM_REQUEST_DONE {
             set asm_support_id [ASM::support_id]
          }

          when ASM_REQUEST_BLOCKING {
       
            HTTP::header remove Content-Length
            HTTP::header insert header_1 value_1
            set client_ip [IP::client_addr]

            set response "<html>
                            <head>
                               <title>Request Rejected</title>
                            </head>
                            <body>
                                The requested URL was rejected. Please consult with your administrator.<br><br>
                                Your support ID is: $asm_support_id<br><br><a href='javascript&colon;history.back();'>Go Back</a><br><br>
                                Your URL is: $requri<br><br>
                                Your client IP is: $client_ip

                            </body>
                        </html>"
            ASM::payload replace 0 [ASM::payload length] ""
            ASM::payload replace 0 0 $response

          }

     

    You can reference to this link: https://support.f5.com/csp/article/K22017023

  • Rafi1's avatar
    Rafi1
    Feb 22, 2022

    Hi Sebastiansierra,

    Thank you very much,

    Attached my irule for other to use 

    when HTTP_REQUEST {
    # Other HTTP values can be added here
    set requri "https://[HTTP::host][HTTP::uri]"

    }

    when ASM_REQUEST_DONE {
    set asm_support_id [ASM::support_id]
    }

    when ASM_REQUEST_BLOCKING {


    HTTP::header remove Content-Length
    HTTP::header insert header_1 value_1
    set client_ip [IP::client_addr]

    set response "<html>
    <head>
    <title>Request Rejected</title>
    </head>
    <body>
    <p>
    <img src='https://xxx.domain.zz/files/2018/01/F5_Logo_700x80.gif' border='1' alt='Organization' width='700' height='80'> ### Web page with company logo ###
    <p>

    The page was blocked for what seems to be a technical issue.<br><br>
    Please click the following link to notify ## link to notify IT Team by mail, the mail will include support is, src ip, suspicious link##
    <a href='mailto:mail@domain?subject=support ID is: $asm_support_id&body=The%20page%20was%20blocked%20for%20what%20seems%20to%20be%20a%20technical%20issue%0A%0ASuspicious URL: $requri%0ASource IP: $client_ip%0ASupport ID: $asm_support_id'();>IT Team</a><br><br><br>

    <b>Your support ID :</b> $asm_support_id<br><br>
    <b>Suspicious URL:</b> $requri<br><br>
    <b>Source IP :</b> $client_ip<br><br><br>
    Thank you<br> IT Team

    </body>
    </html>"
    ASM::payload replace 0 [ASM::payload length] ""
    ASM::payload replace 0 0 $response


    }

Sebastiansierra's avatar
Sebastiansierra
Icon for MVP rankMVP
Feb 21, 2022

Hi,

I think that yes, the only way is using an irule because you need to store the headers that you want to print when the event is triggered using.The custom response page only enables printing an HTML.