ASM_RESPONSE_VIOLATION SECTION doesnt see ASM violation

Question

Hi&nbsp;When i use this section in an irule it sees most violations so i can manage them but if the HTTP method is DELETE then this section doesnt get called. Why would that happen even though it is blocked in the ASM policy.&nbsp;Thanks

samstep · Answer

The key word here is RESPONSE. If you have a REQUEST with HTTP method DELETE then there is no ASM_RESPONSE_VIOLATION because the request never gets to the server, so there is no response and no response violation. and the reason why your request never gets to the server (pool member) is because the second F5 ASM sees the DELETE in the REQUEST it blocks it.

You should be using ASM_REQUEST_DONE if you want to catch the "Invalid Method" violation which is raised when DELETE method is blocked in the F5 ASM policy

Forum Discussion

ASM_RESPONSE_VIOLATION SECTION doesnt see ASM violation

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

F5 XC related articles in Technical Articles section of DevCentral

F5 XC articles published in the Technical Article section lately March 7 , 2023

Separating False Positives from Legitimate Violations

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

F5 XC articles published in the Technical Article section lately - Jan 29-2023

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS