Forum Discussion

Hoang_Hung's avatar
Hoang_Hung
Icon for Cirrus rankCirrus
Sep 17, 2021

[Irule][ASM] Header name with no header value

Hi all I have setup a ASM profile and all my application will through BIG-IP WAF. But I have a issue " HTTP Protocol Compliance Failed: Header name with no header value " for a resquest with heade...
application delivery
ASM Advanced WAF
devops
iRules
oguzy's avatar
oguzy
Icon for Cirrostratus rankCirrostratus

Hi Hoang Hung,

You can check this article: Disabling a violation for a URL using an iRule (f5.com)

According to article, first get the violation name in a separate irule and then use that violation name in second irule with your host header condition. Do not forget to change the "Specific_ASM_Violation" value with the name of matched violation, when the request with header name "abc" has no value.

when ASM_REQUEST_DONE {
  if {[ASM::violation names] contains "Specific_ASM_Violation" and [HTTP::header "abc"] equals "" } {
    ASM::unblock
    log local0. "ASM unblocking"
  }
}
Hoang_Hung's avatar
Hoang_Hung
Icon for Cirrus rankCirrus
Sep 18, 2021

Thank Oguzy

I was been read article, I saw F5 use irule get violation name.

But I had event log on F5. Is it Http protocol compliance failed , right ?

Thanks

Hoang Hung

  • oguzy's avatar
    oguzy
    Icon for Cirrostratus rankCirrostratus
    Sep 18, 2021

    Hi Hoang,

     

    Could you please try to determine the exact violation name using the following steps:

     

    1. Log in to the Configuration utility.
    2. Go to Local Traffic iRules > iRule list.
    3. Select Create.
    4. For Definition, enter the following iRule code:
    5. when ASM_REQUEST_DONE {
    6. log local0. "ASM violation name: [ASM::violation names]"
    7. }
    8. Select Update.
    9. Associate the iRule with the appropriate virtual server.
    10. Send a request that triggers the violation that you want to forward to the OWS.
    11. Log in to the BIG-IP command line and search for the name of the violation.
    12. For example:
    13. grep -i violation /var/log/ltm
    14. The following log entry shows an example of a violation name as it should be used in the iRule:
    15. tmm[25875]: Rule /Common/asm_violation <ASM_REQUEST_DONE>: ASM violation name: VIOLATION_ILLEGAL_METHOD
    16. After you determine the violation name that you want to use in the iRule, you can remove the previous iRule from the virtual server configuration.