Forum Discussion
Custom block page with ASM
Hi,
I'm fairly new to the ASM and have very little experience with iRules (which I have a feeling will be the only way to accomplish what I want.)
Basically, I'd like to know if there's a way to insert the reason for a block in the block response page. Something like Illegal character, or whatever. The reason is that I have large forms that are being filled out by users, there's currently little to no client-side validation, and if a user accidentally enters a wrong character, they will have no idea what it was and how to fix it.
So are there any ways to do this, or other variables that can be used other than <%TS.request.ID()%>?
I'm on 11.2, FYI.
Thanks!
3 Replies
- Cory_50405
Noctilucent
Unsure it would be a very good idea to inform the end user why the ASM is blocking the request. Sure, it might be helpful in diagnosing false positives, but it also informs a malicious user why their attempts are being blocked.
The better approach would be to disable certain attack signatures on specific parameters or URLs/URIs. Yes, it would probably take a while to build and get everything right, but you are using ASM for a reason.
- BT_90520
Nimbostratus
Agree with Cory. Legit users will not care about specifics but can be bothered if they cannot access a resource, but not for those trying to "poke" holes using a scanner ... :) Sometimes it need not be too verbose, but it can be for your internal staging site, which replicates for troubleshooting and validation...
For the specifics, you can check out "ASM::violation_data":
https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_VIOLATION.ashx
- Bob_28727
Nimbostratus
I agree with not wanting to be specific in the error response, it would just be to somehow inform the end user that their request was blocked because they entered an illegal character. Most of these end users are going to be very computer illiterate, so when they get a generic block page, they're most likely going to resubmit the same form 5x and then quit from frustration before realizing that they accidentally entered a right bracket in their first name when hitting enter.
Thanks for the input and the violation resource data. I'll see what I can do and try to find a good solution without weakening the security.
