ASM custom response page add additional information
- Feb 17, 2022
Hi,
You need to follow the next steps:
- Make sure that "Trigger ASM iRule Events" option is enabled in the policy properties.
- Navigate to Security ›› Application Security : Policy : Policy Properties.
- Change to the correct "Current edited security policy"
Create an iRule with content similar to the following (add/delete fields as needed):
when HTTP_REQUEST {
# Other HTTP values can be added here
set requri "http://[HTTP::host][HTTP::uri]"}
when ASM_REQUEST_DONE {
set asm_support_id [ASM::support_id]
}
when ASM_REQUEST_BLOCKING {
HTTP::header remove Content-Length
HTTP::header insert header_1 value_1
set client_ip [IP::client_addr]
set response "<html>
<head>
<title>Request Rejected</title>
</head>
<body>
The requested URL was rejected. Please consult with your administrator.<br><br>
Your support ID is: $asm_support_id<br><br><a href='javascript:history.back();'>Go Back</a><br><br>
Your URL is: $requri<br><br>
Your client IP is: $client_ip
</body>
</html>"
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 $response
}You can reference to this link: https://support.f5.com/csp/article/K22017023
- Make sure that "Trigger ASM iRule Events" option is enabled in the policy properties.
- Feb 22, 2022
Hi Sebastiansierra,
Thank you very much,
Attached my irule for other to use
when HTTP_REQUEST {
# Other HTTP values can be added here
set requri "https://[HTTP::host][HTTP::uri]"}
when ASM_REQUEST_DONE {
set asm_support_id [ASM::support_id]
}when ASM_REQUEST_BLOCKING {
HTTP::header remove Content-Length
HTTP::header insert header_1 value_1
set client_ip [IP::client_addr]set response "<html>
<head>
<title>Request Rejected</title>
</head>
<body>
<p>
<img src='https://xxx.domain.zz/files/2018/01/F5_Logo_700x80.gif' border='1' alt='Organization' width='700' height='80'> ### Web page with company logo ###
<p>
The page was blocked for what seems to be a technical issue.<br><br>
Please click the following link to notify ## link to notify IT Team by mail, the mail will include support is, src ip, suspicious link##
<a href='mailto:mail@domain?subject=support ID is: $asm_support_id&body=The%20page%20was%20blocked%20for%20what%20seems%20to%20be%20a%20technical%20issue%0A%0ASuspicious URL: $requri%0ASource IP: $client_ip%0ASupport ID: $asm_support_id'();>IT Team</a><br><br><br><b>Your support ID :</b> $asm_support_id<br><br>
<b>Suspicious URL:</b> $requri<br><br>
<b>Source IP :</b> $client_ip<br><br><br>
Thank you<br> IT Team</body>
</html>"
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 $response
}