For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Feb 08, 2011

HTTP::respond from HTTP_RESPONSE with ASM

I'm considering writing an iRule to detect 404s and 500s. I think I'd like to send the user to a hold page that shows the request they made, explains that it was invalid, and then after 5 seconds or so, send them to a legitimate page. Reading the SOL article below makes me think that because I'm using ASM, I need to disable it as part of the rule.

 

 

http://support.f5.com/kb/en-us/solu...r=12579042

 

 

 

Thoughts?

 

application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 08, 2011
    Hi Chris,

     

     

    That seems doable. You'd probably want to set 404 and 500 to allowed in the ASM policy to prevent ASM from marking the responses as illegal and blocking them.

     

     

    Aaron
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Feb 08, 2011
    Posted By hoolio on 02/08/2011 07:23 AM

     

    Hi Chris,

     

     

    That seems doable. You'd probably want to set 404 and 500 to allowed in the ASM policy to prevent ASM from marking the responses as illegal and blocking them.

     

     

    Aaron

     

    Definitely seems necessary to use ASM::disable and ASM::enable though from within the rule?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 08, 2011
    Sorry, I was thinking the ASM plugin gets the response before HTTP_RESPONSE. But you're right that HTTP_RESPONSE is triggered before ASM gets the response. So you would want to disable ASM and at that point it doesn't matter what is configured for response status code checking in the policy.

     

     

    Aaron