Forum Discussion

Nimbostratus

Feb 28, 2014

HTTP::header in ASM_REQUEST_BLOCKING or ASM_REQUEST_VIOLATION

Hi, when i try to insert a HTTP::header command in ASM_REQUEST_BLOCKING or ASM_REQUEST_VIOLATION i get an error message Illegal argument. Can't execute in the current context. For example ...

Nimbostratus

Mar 05, 2014

Hi,

the LT policy is done by someone else. Here is the rule that is linked in the policy - if this is what you mean..

Trigger ASM iRule Event in the ASM is turned on and active. My iRule is pretty much the same as in the example.

when ASM_REQUEST_BLOCKING
{ 

  set x [ASM::violation_data]

  for {set i 0} { $i < 7 } {incr i} {
      switch $i {
      0         { log local0. "violation=[lindex $x $i]" }
      1         { log local0. "support_id=[lindex $x $i]" }
      2         { log local0. "web_application=[lindex $x $i]" }
      3         { log local0. "severity=[lindex $x $i]" }
      4         { log local0. "source_ip=[lindex $x $i]" }
      5         { log local0. "attack_type=[lindex $x $i]" }
      6         { log local0. "request_status=[lindex $x $i]" }

   }}

   if {([lindex $x 0] contains "VIOLATION_ATTACK_SIGNATURE_DETECTED")}
   {
      log local0. "VIOLATION_ATTACK_SIGNATURE_DETECTED detected, let's customized reject page"
      HTTP::header remove Content-Length
      HTTP::header insert header_1 value_1

      set response "Apology PageWe are sorry,\
         but the site you are looking for is temporarily out of service\
         If you feel you have reached this page in error, please try again."

      ASM::payload replace 0 [ASM::payload length] ""
      ASM::payload replace 0 0 $response
   }   
}

Hope this helps. THX

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)