HTTP::header insert does not work in ASM_REQUEST_VIOLATION?

Question

Hi guys,&nbsp;
&nbsp;This is just in a test environment, and I don't want to open a case with F5.&nbsp;
&nbsp;We have BIG-IP 10.2.1 Build 296.0 Final and it may be limited to this release.&nbsp;
&nbsp;We have these irules&nbsp;
&nbsp;when ASM_REQUEST_VIOLATION {
&nbsp;    HTTP::header insert "X-CSRF-VIOLATION" "Smurf"
&nbsp;    log local0. "ASM_REQUEST_VIOLATION on [HTTP::uri]"
&nbsp;    log local0. "Header value is [HTTP::header X-CSRF-VIOLATION]"
&nbsp;}&nbsp;
&nbsp;when HTTP_RESPONSE {
&nbsp;    log local0. "Header value is [HTTP::header X-CSRF-VIOLATION]"
&nbsp;}&nbsp;
&nbsp;and the syslogs are&nbsp;&nbsp;Jan 25 15:27:07 local/tmm info tmm[4918]: Rule ir_test_CSRF &lt; ASM_REQUEST_VIOLATION &gt;: ASM_REQUEST_VIOLATION on /portal/contactblock.asp?module=pcbbinfo
&nbsp;Jan 25 15:27:07 local/tmm info tmm[4918]: Rule ir_test_CSRF &lt; ASM_REQUEST_VIOLATION &gt;: Header value is Smurf
&nbsp;Jan 25 15:27:07 local/tmm info tmm[4918]: Rule ir_test_CSRF &lt; HTTP_RESPONSE &gt;: Header value is&nbsp;&nbsp;It appears that the new header is not inserted (and it is not seen in the browser either).&nbsp;
&nbsp;So it looks like the "HTTP::header insert" in ASM_REQUEST_VIOLATION does not "stick"?&nbsp;
&nbsp;Arthur&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Hi Arthur, 
  
 ASM_REQUEST_VIOLATION is triggered when ASM validates the request.  If you insert a header in that event it will be done in the request proxied to the server.  The server wouldn't include the header in its response so you wouldn't see the header in HTTP_RESPONSE. 
  
 If you want the header inserted in the response so the client sees it, can you try this?  If you want to save the output from a command in ASM_REQUEST_VIOLATION, you could do that too and reference it in HTTP_RESPONSE.

when HTTP_REQUEST {
set insert_header 0
}
when ASM_REQUEST_VIOLATION {
set insert_header 1
}
when HTTP_RESPONSE {
if {$insert_header}{
HTTP::header insert "X-CSRF-VIOLATION" "Smurf"
log local0. "ASM_REQUEST_VIOLATION on [HTTP::uri]"
log local0. "Header value is [HTTP::header X-CSRF-VIOLATION]"
}
}

Or if the check / full policy is in blocking mode, you'd use ASM_REQUEST_BLOCKING: 
 http://devcentral.f5.com/wiki/iRules.asm.ashx 
  
 Aaron

arthur_7109 · Answer

Thanks Aaron, of course :-) that make sense. 
&nbsp;  
&nbsp; It's working OK now (I had to move log local0. "ASM_REQUEST_VIOLATION on [HTTP::uri]" as HTTP::uri is not available in HTTP_RESPONSE). 
&nbsp;  
&nbsp; Arthur

hooleylist · Answer

Yeah, [HTTP::uri] isn't saved automatically after the request is sent to the pool.  If you did want to log the value in HTTP_RESPONSE, you could save the value to a variable in HTTP_REQUEST. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

HTTP::header insert does not work in ASM_REQUEST_VIOLATION?

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

HTTP Header insert

APM AdAuth HTTP Header Insert iRule Switch Statement

(HTTP) Redirection via Arbitrary Host Header

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

Inserting a http header on the response to the client

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS