Forum Discussion

Nimbostratus

Sep 11, 2017

Issue Getting JSON Response Page to Present on ASM Block

Running 12.1.2 HF1 - ASM is configured to present a block response page when illegal requests are detected for a web application. I verified in the logs that illegal requests are being detected and d...

Cirrus

Nov 17, 2020

I had same your error !

At this time, Do you know solution for issue?

Thanks

Hung Hoang

Simon_Blakely
Employee
Nov 17, 2020
Again - if your application is using Ajax and JSON, you need to look at the framework itself to find out what options you have for inserting ASM response reporting into the application flow.

I would have a discussion with the application developer to see how ASM can report errors back to the client in a user friendly way.
- Hoang_Hung
  Cirrus
  Nov 17, 2020
  Hi
  Did you not still search solution for issue!
  I had used your irule previous message. But it cant still display blocking request to my customer !
Ivan_Chernenkii
Employee
Nov 17, 2020
Hello Hoang,

Do you see this issue for AJAX requests?
If YES, then to correctly block AJAX requests you need to enable "AJAX Blocking Behavior (JavaScript Injection)" in your policy.

Thanks, Ivan
- Hoang_Hung
  Cirrus
  Nov 18, 2020
  Hi
  Thanks you for response
  when we enbled AJAX response policy after we sent block page
  But when enable AJAX, Captcha can't reload. So we need disable AJAX.
  Do you know why it had error ?.
  Befor we have enable CSRF ( CSRF will javaScript Injection) >> same error when we enable AJAX.
  Thanks
  Hung Hoang
- Ivan_Chernenkii
  Employee
  Nov 18, 2020
  If AJAX requests are used in your application, then most probably this is single page application. If this is so, then you need to set single_page_application system variable on "Security ›› Options : Application Security : Advanced Configuration : System Variables" page to 1 - it should make java script functionality work correctly with AJAX