Grandiser
Feb 08, 2024

I need an ASM i-rule that drops the connection upon the occurrence of a violation.

Hi;

I need an ASM i-rule that drops the connection upon the occurrence of a violation. I don't want to present the default "Blocking response page" to the user, but rather drop the TCP connection.

I have tried

    when ASM_REQUEST_BLOCKING {
        drop
    }

and the response page still comes up.

I have also tried the following ASM i-rule in compatibility mode

    when ASM_REQUEST_VIOLATION {
        drop
    }

Still the response page is coming up.

Kindly

Wasfi

  • Something like this might work.

    when ASM_REQUEST_VIOLATION {
        # When a request violation occurs, drop the TCP connection
        drop
    }

    when ASM_RESPONSE_VIOLATION {
        # When a response violation occurs, drop the TCP connection
        drop
    }

  • Sometimes the handoffs between the primary proxy and plugin architecture clients like ASM are obscure. You might need to set a variable in the ASM event and then evaluate in the HTTP_RESPONSE_RELEASE event. Try something like this:

    when ASM_REQUEST_VIOLATION {
        set req_violation 1
    }
    when HTTP_RESPONSE_RELEASE {
        if { [info exists req_violation] } {
            drop
        }
    }