Forum Discussion
Different response for violations
Hello!
I created a redirection for externals (by whitelisting the internal range to bypass ASM) when they stumbled upon Illegal URL, and under the custom block page redirected people to the correct one.
This is all good and working and app owners are very happy with this behavior.
However, now I am faced with an issue: how to use a different page for all other violations?
I'd like to use the ASM not as a dedicated redirector in case a violation happens (for all violations) but show Support-ID as well in case a user generates a violation after I start adding an additional layer of security with signatures, methods, etc., and this should be a custom page, not a redirect.
Any tips if it is possible to handle the situation without using an external server and perhaps even iRules?
I have looked through many posts and didn't find quite what I was looking for.
Regards, Erkki
- Tikka_Nagi_1315 (Historic F5 Account)
It is a bit difficult to answer this without knowing the configuration. A solution for this would require a custom iRule. You may want to use these as a starting point:
https://clouddocs.f5.com/api/irules/ASM_REQUEST_VIOLATION.html
https://clouddocs.f5.com/api/irules/ASM_REQUEST_DONE.html
 
I would recommend that you open a case with F5 Support on this.
 
- samstep (Cirrocumulus)
Redirection based on source IP address is best done on LTM, not ASM, using a Local Traffic Policy or an iRule.
The ASM blocking page should really be used for genuine security policy violations, not for redirecting users to a different page.
There are lots of sample iRules on DevCentral - just search for "source ip" and "redirect". Local Traffic Policy config is more or less user-friendly and the guide is available here:
https://devcentral.f5.com/s/feed/0D51T00006i7QwjSAE
 
This seems the closest match to my situation that I could find, except I got "Illegal URL" as the violation instead of "Virus found". So it seems I can either pass the violation data values into the application logic and let the application guys display the different messages (also using their fonts, colors, CSS, error box, etc., which is good) or write a custom iRule which redirects the page in case of "Illegal URL" to the correct page and shows the support-id etc. in case of other violations.
 