For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_123510's avatar
Chris_123510
Icon for Nimbostratus rankNimbostratus
Apr 28, 2016

JSON Response not working in 11.5.3 HF2

We have an iRule that was working in 11.4.0 HF4. Now that we have upgraded to 11.5.3 HF2, our vendors are receiving timeouts from us. The iRule is simply to send back the ASM support ID. Below is the iRule that was given to us that should have worked, but this also started the timeouts.

 

when HTTP_REQUEST {
      if { [HTTP::uri] contains "rest" }  { set rest_content 1
                log local0. "HTTP REQUEST REST DETECTED"
    } else {
        set rest_content 0
}
    }
when ASM_REQUEST_BLOCKING
      {
       log local0. "ASM REQUEST BLOCK:  REST DETECTED= $rest_content"
       if { $rest_content }
       {
        set response "REST Page blocked"
        ASM::payload replace 0 [ASM::payload length] ""
        ASM::payload replace 0 0 $response
        HTTP::header replace Content-Length [ASM::payload length]
       }
      }
when ASM_RESPONSE_VIOLATION
{
   set x [ASM::violation_data]
   log local0. "ASM-SUPPORT-ID: [lindex $x 1 ]"
   set error "[lindex $x 1 ]"
   if {([lindex $x 0] contains "VIOLATION_HTTP_STATUS_IN_RESPONSE")}
   {
      set response "{\"returnStatus\":false,\"returnCodedMessage\":[{\"code\":\"WebService.SystemError\",\"message\":\"The requested operation was rejected. Please consult with your administrator. Your support ID is: $error \"}],\"returnMessage\": []}"
      ASM::payload replace 0 [ASM::payload length] ""
      ASM::payload replace 0 0 $response
      HTTP::header replace Content-Length [ASM::payload length]

}
}
ASM Advanced WAF
devops
iRules

3 Replies

  • Richard_Karon's avatar
    Richard_Karon
    Icon for Employee rankEmployee
    May 13, 2016
    What is it supposed to do? Do you mind rewriting your code with formatting and comments? (there is a "How to format" in the right corner of the answer box) Do you have the specification for what you are trying to accomplish with irule? It maybe that you can accomplish the same thing using a configuration in ASM instead of using an irule.
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    May 13, 2016
    I do not know if it's relevant but, why the "response" variable into the ASM_REQUEST_BLOCKING event hasn't json format? Can this cause some issue to the WS parser?
  • Tikka_Nagi_1315's avatar
    Tikka_Nagi_1315
    Historic F5 Account
    Jun 07, 2016
    The iRule looks good to me. There are three debug log messages in the iRule. These are logged to the /var/log/ltm. Do you see all three messages logged in the log file when it times out?