For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Feb 27, 2018

iRule for ASM response page and error when use HTTP::respond

Hi I've problem about irule below which i try to customize information in response page of ASM via irule. In this case we trigger ASM_REQUEST_DONE and get all parameter of violation data.and we use...
ASM Advanced WAF
devops
iRules
response page
security
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Feb 28, 2018

You can try the following (untested):

when ASM_REQUEST_DONE {
    set x [ASM::violation_data]
    for {set i 0} { $i < 7 } {incr i} {
        switch $i {
        0         { log local0. "violation=[lindex $x $i]" }
        1         { log local0. "support_id=[lindex $x $i]" }
        2         { log local0. "web_application=[lindex $x $i]" }
        3         { log local0. "severity=[lindex $x $i]" }
        4         { log local0. "source_ip=[lindex $x $i]" }
        5         { log local0. "attack_type=[lindex $x $i]" }
        6         { log local0. "request_status=[lindex $x $i]" }
        }
    }

    if {([lindex $x 6] == "blocked")} {
        In this case we only use 2 parameter: support id and source ip
        set supportid [lindex $x 1]
        set sourceip [lindex $x 4]
        set blocked "blocked"
        ASM::unblock
    }
}

when HTTP_REQUEST_SEND {
    if { [info exists blocked] } {
        HTTP::respond 200 content "Test block pagePage is currently unavailable.
support id:$supportid
source ip:$sourceip" "Content-Type" "text/html"
        TCP::close
    }
}

.