Forum Discussion

James_Betts_290's avatar
Oct 19, 2016

ASM issue, need to return HTTP 500 to client in certain cases

I've written a script that captures the "Content-Type" header from requests. In the event that ASM blocks the request, I need to respond to the client with one of three types of responses (I'm using ...
  • James_Betts_290's avatar
    Oct 19, 2016

    This is not pretty but it works for the problem I had:

     

     Note:
     1. You must enable ASM events for the policy that you intend to invoke this with.
     2. Make a custom blocking response page that is nothing but spaces and CR/LF
        that is as large as the iFile that you will be putting in ASM::payload.
     3. In your iFile, use a "$" character where you want the ASM::support_ID to show
    
    when HTTP_REQUEST {
        set CT [string tolower [HTTP::header Content-Type]]
       log local0. "ASM-R-H: Content: $CT"
    }
    
    when ASM_REQUEST_BLOCKING {
       log local0. "ASM-R-H: Blocking Content: $CT"
    if the application type isn't SOAP then show the generic error
        if { ([string first $CT "application/soap"] < 0) && ([string first $CT "text/xml"] < 0) } {
            log local0. "ASM-R-H: HTML blocking [ASM::support_id]"
            ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/HTML-Error-Page"]]
            return
        }
    
    handle SOAP errors
       log local0. "ASM-R-H: XML blocking [ASM::support_id]"
        ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/SOAP-Error-Response"]]
        return
    }
    
    when ASM_REQUEST_DONE {
        if { not (([ASM::status] equals "blocked") || ([ASM::status] equals "alarmed")) } { return }
        if { ([string first $CT "application/json"] < 0) && ([string first $CT "application/javascript"] < 0) } { return }
        ASM::unblock
       log local0. "ASM-R-H: alarm status [ASM::status]"
        set JSONProblem [ASM::support_id]
    }
    
    when HTTP_RESPONSE {
        if { $JSONProblem == "" } { return }
       log local0. "ASM-R-H: alarm status $JSONProblem"
        HTTP::respond 500 content "Support ID $JSONProblem"
    }