Forum Discussion
James_Betts_290
Oct 19, 2016Cirrus
ASM issue, need to return HTTP 500 to client in certain cases
I've written a script that captures the "Content-Type" header from requests. In the event that ASM blocks the request, I need to respond to the client with one of three types of responses (I'm using ...
- Oct 19, 2016
This is not pretty but it works for the problem I had:
Note: 1. You must enable ASM events for the policy that you intend to invoke this with. 2. Make a custom blocking response page that is nothing but spaces and CR/LF that is as large as the iFile that you will be putting in ASM::payload. 3. In your iFile, use a "$" character where you want the ASM::support_ID to show when HTTP_REQUEST { set CT [string tolower [HTTP::header Content-Type]] log local0. "ASM-R-H: Content: $CT" } when ASM_REQUEST_BLOCKING { log local0. "ASM-R-H: Blocking Content: $CT" if the application type isn't SOAP then show the generic error if { ([string first $CT "application/soap"] < 0) && ([string first $CT "text/xml"] < 0) } { log local0. "ASM-R-H: HTML blocking [ASM::support_id]" ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/HTML-Error-Page"]] return } handle SOAP errors log local0. "ASM-R-H: XML blocking [ASM::support_id]" ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/SOAP-Error-Response"]] return } when ASM_REQUEST_DONE { if { not (([ASM::status] equals "blocked") || ([ASM::status] equals "alarmed")) } { return } if { ([string first $CT "application/json"] < 0) && ([string first $CT "application/javascript"] < 0) } { return } ASM::unblock log local0. "ASM-R-H: alarm status [ASM::status]" set JSONProblem [ASM::support_id] } when HTTP_RESPONSE { if { $JSONProblem == "" } { return } log local0. "ASM-R-H: alarm status $JSONProblem" HTTP::respond 500 content "Support ID $JSONProblem" }
James_Betts_290
Cirrus
This is not pretty but it works for the problem I had:
Note:
1. You must enable ASM events for the policy that you intend to invoke this with.
2. Make a custom blocking response page that is nothing but spaces and CR/LF
that is as large as the iFile that you will be putting in ASM::payload.
3. In your iFile, use a "$" character where you want the ASM::support_ID to show
when HTTP_REQUEST {
set CT [string tolower [HTTP::header Content-Type]]
log local0. "ASM-R-H: Content: $CT"
}
when ASM_REQUEST_BLOCKING {
log local0. "ASM-R-H: Blocking Content: $CT"
if the application type isn't SOAP then show the generic error
if { ([string first $CT "application/soap"] < 0) && ([string first $CT "text/xml"] < 0) } {
log local0. "ASM-R-H: HTML blocking [ASM::support_id]"
ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/HTML-Error-Page"]]
return
}
handle SOAP errors
log local0. "ASM-R-H: XML blocking [ASM::support_id]"
ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/SOAP-Error-Response"]]
return
}
when ASM_REQUEST_DONE {
if { not (([ASM::status] equals "blocked") || ([ASM::status] equals "alarmed")) } { return }
if { ([string first $CT "application/json"] < 0) && ([string first $CT "application/javascript"] < 0) } { return }
ASM::unblock
log local0. "ASM-R-H: alarm status [ASM::status]"
set JSONProblem [ASM::support_id]
}
when HTTP_RESPONSE {
if { $JSONProblem == "" } { return }
log local0. "ASM-R-H: alarm status $JSONProblem"
HTTP::respond 500 content "Support ID $JSONProblem"
}
James_Betts_290
Oct 19, 2016Cirrus
If there is a more elegant way to tackle this, I'd be interested in seeing it. Thanks to everyone who answered me.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects