For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Portallion_1480's avatar
Portallion_1480
Icon for Nimbostratus rankNimbostratus
Sep 11, 2017

Issue Getting JSON Response Page to Present on ASM Block

Running 12.1.2 HF1 - ASM is configured to present a block response page when illegal requests are detected for a web application. I verified in the logs that illegal requests are being detected and d...
application delivery
ASM Advanced WAF
iRules
Hoang_Hung's avatar
Hoang_Hung
Icon for Cirrus rankCirrus
Nov 17, 2020

Hi  

I had same your error !

At this time, Do you know solution for issue?

 

Thanks

Hung Hoang

Ivan_Chernenkii's avatar
Ivan_Chernenkii
Icon for Employee rankEmployee
Nov 17, 2020

Hello Hoang,

 

Do you see this issue for AJAX requests?

If YES, then to correctly block AJAX requests you need to enable "AJAX Blocking Behavior (JavaScript Injection)" in your policy.

 

Thanks, Ivan

  • Hoang_Hung's avatar
    Hoang_Hung
    Icon for Cirrus rankCirrus
    Nov 18, 2020

    Hi  

    Thanks you for response

    when we enbled AJAX response policy after we sent block page

    But when enable AJAX, Captcha can't reload. So we need disable AJAX.

    Do you know why it had error ?.

    Befor we have enable CSRF ( CSRF will javaScript Injection) >> same error when we enable AJAX.

    Thanks

    Hung Hoang

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Nov 18, 2020

    If AJAX requests are used in your application, then most probably this is single page application. If this is so, then you need to set single_page_application system variable on "Security ›› Options : Application Security : Advanced Configuration : System Variables" page to 1 - it should make java script functionality work correctly with AJAX