For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

man's avatar
man
Icon for Nimbostratus rankNimbostratus
Dec 20, 2021
Solved

Irule for logging Allowed Response status code

hi everyone

I have configured a policy that 500 code is not in the Allowed Response status code list on Policy Properties tab. But when i use asm events in i rule it doesnt log anything:

when ASM_RESPONSE_VIOLATION {

   log local0. "[ASM::violation_data]. unblocked for [IP::client_addr]"

}

I tested this events but nothing is logged and events doesnt trigger.

ASM_REQUEST_BLOCKING

ASM_REQUEST_DONE

ASM_REQUEST_VIOLATION

ASM_RESPONSE_VIOLATION

IN_DOSL7_ATTACK

ASM Advanced WAF
BIG-IP
security

2 Replies

  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    Dec 20, 2021

    Hi,

     

    Did you enable Trigger ASM iRule Events on your ASM policy??

     

    Cheers,

     

    Kees

  • man's avatar
    man
    Icon for Nimbostratus rankNimbostratus
    Dec 21, 2021

    I enabled it and it works fine now. thank you for your response Kees