Forum Discussion

Nimbostratus

Jul 17, 2018

Illegal HTTP status in response with CDN

We have a F5-ASM, setup to only allow certain response status codes. All others are masked with a 200. We are currently deploying a CDN and the challenge is that these error masked responses are bein...

ASM Advanced WAF

security

samstep

Cirrocumulus

Jul 27, 2018

Hi Poka, if by "masking" you mean ASM Blocking page responding with HTTP 200 when the request is blocked by ASM Policy, then the solution can be easier. ASM blocking response page by default has HTTP Response Code 200, you have 2 options:

1) change the ASM Blocking Response page from HTTP 200 to another code which will not be masked - people most frequently change ASM response code to 403 Forbidden or to 503 Service Unavailable - 4xx and 5xx are not cached by CDN

2) leave ASM Blocking Response Page response code as 200 but add header:

Cache-Control: no-cache

to the ASM blocking response page, this will instruct CDN not to cache the blocking page.

I hope this helps,

Sam

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Illegal HTTP status in response with CDN

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

Problem with sending BotDefense logs to remote server

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Related Content

Disable ASM illegal HTTP status response logging

Introduction of Incident Response

Check a Virtual Server's SSL Status

Pool Member Status HTML5 Page

custom response page for api

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS