Forum Discussion
Yozzer
Nimbostratus
NimbostratusASM support ID
Does anyone know if the page that reports ASM violations can be tailored to report a list of specific attacks and not all violations?
For example is it possible to return a different page for Internal 500 errors than Cross Site Scriting attacks identified by ASM?
Thanks
6 Replies
YozzerFor example we use the Response Pages tab off the Application Security >> Policy tab to send a response to the user when the security policy blocks a client request:
html>Request Rejected
I want to only send this request for certain security policy blocks and not for others. Is this possible? or is it possible using an irule?- Yozzer
For example we use the Response Pages tab off the Application Security >> Policy tab to send a response to the user when the security policy blocks a client request:
script language="javascript">document.location.href="/support.aspx?ID=<%TS.request.ID()%>";I want to only send this request for certain security policy blocks and not for others. Is this possible? or is it possible using an irule?
- YozzerTrying to use the irule here https://devcentral.f5.com/wiki/iRules.ASM__violation_data.ashx to log ASM violations but it doesnt seem that the irule is being triggered. Is there anything i need to configure in the security policy to make this work?
Thanks - YozzerFor example:
when ASM_REQUEST_VIOLATION
{
set x [ASM::violation_data]
foreach i $x {
log local0. "i=$i"
}
}
doesnt trigger when we get an ASM violation on V11. 
Mike_MaherYes I believe you need to go to Application Security > Policy > Policy > Properties, drop down for Advanced settings and click the box for Trigger ASM iRule Event- YozzerYep, found it thks
