For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Manoranajn_3164's avatar
Manoranajn_3164
Icon for Nimbostratus rankNimbostratus
Apr 06, 2017

Custom Response to disallowed geo location

Hello So, I have been trying to create an iRule that can enable me to present a custom response in case a user access application from a disallowed geo-location, but its not working. following is t...
ASM Advanced WAF
iRules
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Apr 08, 2017

Hi Manoranajn,

take a look to the iRule below. It uses a less complicated approach to debug log the violation data and updates in addition the "Content-Length" header information, after changing the response.

when ASM_REQUEST_BLOCKING {
    set x [ASM::violation_data]
    log local0.debug "violation=[lindex $x [set i 0]]"
    log local0.debug "support_id=[lindex $x [incr i]]"
    log local0.debug "web_application=[lindex $x [incr i]]"
    log local0.debug "severity=[lindex $x [incr i]]"
    log local0.debug "source_ip=[lindex $x [incr i]]"
    log local0.debug "attack_type=[lindex $x [incr i]]"
    log local0.debug "request_status=[lindex $x [incr i]]"
    if { [lindex $x 0] contains "ATTACK_TYPE_OTHER_APPLICATION_ACTIVITY" } then {
        log local0.debug "ATTACK_TYPE_OTHER_APPLICATION_ACTIVITY detected, let's customized reject page"
        ASM::payload replace 0 [ASM::payload length] ""
        ASM::payload replace 0 0 "Request Rejected PageSorry, access to this site is restricted."
        HTTP::header remove "Content-Length"
        HTTP::header insert "Content-Length" [ASM::payload length]
    }
}

Cheers, Kai