Forum Discussion

Altostratus

Jun 12, 2019

HTTP Compliance Exception

We have implemented ASM recently and one request was blocked because of content length being 0. Checked with application team and as per them that shouldn't be blocked. Is there a way to exclude a UR...

MVP

Something like this:

when ASM_REQUEST_DONE {
  set uri [HTTP::uri]
  foreach violation [ASM::violation names] {
      if { $uri starts_with "/login.php" && [ASM::violation count] < 2 } {
          foreach attack [ASM::violation attack_types] {
              switch $attack {
                  "ATTACK_TYPE_HTTP_REQUEST_SMUGGLING_ATTACK" -
                  "ATTACK_TYPE_HTTP_PARSER_ATTACK" {
                      log local0. "Violation: $violation and attack: $attack detected for URI $uri, but allowed anyway."
                      ASM::unblock
                  }
              }
          }
      } else {
          # More than one violation, too dangerous to Unblock
          return
      }
  }
}

BTW, this is the way to test with curl if you want to send an empty HTTP header:

curl -v http://10.23.98.101/login.php -H "If-None-Match;"

Niels_van_Sluis

MVP

Jun 13, 2019

Did you enable the 'Trigger ASM iRule Events' in your security policy? It's in the advanced settings.