Forum Discussion
NimbostratusBlocking HTTP Error 500 using F5 ASM
HI, I am new to F5, so need some help here.
I have been asked to block HTTP error 500 occasionally coming from one of our applications, but I have no idea how to do it - apparently I need ASM module? We have BIG-IP 3600 running version 11.2.1
4 Replies
amolariCirrostratus
you can do it with iRules (LTM). If you have ASM licensed on your BIGIP it will be easier to handle. Is it the case?
Emad_26973Cirrus
you can do this without using ASM module. By using Irule either you can redirect to any other application page or send custom response in case of 500 RespCode.
Redirect to error Page.
when HTTP_RESPONSE { if { [HTTP::status] eq "500" } { HTTP::redirect "www.abc.com/error.html" } }Send Custom Response
when HTTP_RESPONSE { if { [HTTP::status] eq "500" } { HTTP::respond 200 content { Error Please contact support. } } }
samstepCirrocumulus
If you use ASM module then HTTP Response Code 500 is blocked by default. Check out the excerpt from the ASM manual:
"Configuring the allowed response status codes
By default, the Application Security Manager accepts all response codes from 1xx to 3xx as valid responses. Response codes from 4xx to 5xx are considered invalid unless added to the Allowed Response Status Codes list. By default, 400, 401, 404, 407, 417, and 503 are on the list as valid HTTP response status codes.If a response contains a response status code from 4xx to 5xx that is not on the list, the system issues the violation, Illegal HTTP status in response. If you configured the security policy to block this violation, the system blocks the response. "
Hope this helps,
Sam
new2f5_202717thank you all for great answers
