F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Arthur_7109's avatar
Arthur_7109
Icon for Nimbostratus rankNimbostratus
Jan 25, 2012

HTTP::header insert does not work in ASM_REQUEST_VIOLATION?

Hi guys,     This is just in a test environment, and I don't want to open a case with F5.     We have BIG-IP 10.2.1 Build 296.0 Final and it may be limited to this release.     We ha...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 25, 2012
Hi Arthur,

ASM_REQUEST_VIOLATION is triggered when ASM validates the request. If you insert a header in that event it will be done in the request proxied to the server. The server wouldn't include the header in its response so you wouldn't see the header in HTTP_RESPONSE.

If you want the header inserted in the response so the client sees it, can you try this? If you want to save the output from a command in ASM_REQUEST_VIOLATION, you could do that too and reference it in HTTP_RESPONSE. 


when HTTP_REQUEST {
set insert_header 0
}
when ASM_REQUEST_VIOLATION {
set insert_header 1
}
when HTTP_RESPONSE {
if {$insert_header}{
HTTP::header insert "X-CSRF-VIOLATION" "Smurf"
log local0. "ASM_REQUEST_VIOLATION on [HTTP::uri]"
log local0. "Header value is [HTTP::header X-CSRF-VIOLATION]"
}
}

Or if the check / full policy is in blocking mode, you'd use ASM_REQUEST_BLOCKING:

http://devcentral.f5.com/wiki/iRules.asm.ashx

Aaron