Forum Discussion
Nimbostratuscustom response per uri with jason code
Hi,
One of the developers would like to have a Jason custom response for ASM blocking for all pages beginning with (not real page) \blabla\*
He would like to put a simple code that will send the server the request ID in Jason and the server in return will display the proper format to the user including the display ID.
This is the format he wishes to receive:
{"error": "invalid character", errorCode: "1231231" }
o Header: Content-type: application/json
o Status: 500
Any ideas? (I'm not so sure we can send the 500 status because F5 is supposed to block it)
Thanks,
Vered
Simon_BlakelyEmployee
You can do this in an iRule triggered on
when ASM_REQUEST_VIOLATION { ... if {[HTTP::uri starts_with "/blabla"} { HTTP::respond 500 content {{"error":"invalid character", errorCode: "1231231"} } Header {Content-Type} {application/json} } ... }Otherwise, you need to create a new ASM policy that sets the Violation response to an HTTP 500 response as required. Use a Local Traffic Policy to select between the two ASM policies based on the HTTP::uri.
veredgfHi,
Thanks for the response - question - if I want to give this response to *all* violations on said uri, then would it be better to set this with a traffic policy? Do I need to create three Virtual servers for this? i.e., one with the real vip and two that have a placeholder vip just for the sake of holding the policy? (I have this done on a different site where we differentiate based on host name via traffic policy).
Thanks again,
Vered
- Walter_Kacynski
Cirrostratus
Can event ASM_REQUEST_BLOCKING be used instead? https://clouddocs.f5.com/api/irules/ASM_REQUEST_BLOCKING.html
- Simon_Blakely
Yes, that's a good option as well.
- Simon_Blakely
> if I want to give this response to *all* violations on said uri, then would it be better to set this with a traffic policy?
I'm not sure I understand what you are getting asking here.
> Do I need to create three Virtual servers for this? i.e., one with the real vip and two that have a placeholder vip just for the sake of holding the policy?
You don't need to attach the ASM policies to a virtual server. You just create the ASM policies, and then assign them via a manually configured Local Traffic Policy.
youssef1Cumulonimbus
Hi,
Using ASM_REQUEST_BLOCKING (https://clouddocs.f5.com/api/irules/ASM_REQUEST_BLOCKING.html) is also a good alternative.
you could also validate in the user request that it is an api request to adapt the answer (json or default web response).
regards
- Walter_Kacynski
It seems like this event would be more efficient as you wouldn't have to enable the ASM policy feature for iRule events.
