Forum Discussion
ctadev
Nimbostratus
NimbostratusMock application response for uri in ASM policy
Hello, (I apologize for the quality of my English.) Presentation of my context: In my company, I have an F5 (WAF) installed on a closed development environment that does not have access to applicat...
F5-Enthusiast
Altocumulus
Altocumulusyou can do of cause. Just create an iRule which will trigger with your api call
and then modify the response as needed. you can also modify headers and so on
when HTTP_REQUEST {
if {[string tolower [HTTP::uri]] starts_with "/text"} {
set page \
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\">
<html><head><title>my API Response </title></head>
<body text=#000000>
<h2><font face=Verdana>API $servercolor</font></h2>
</table></font></body></html>"
}
HTTP::respond 200 -version auto content "$page"
return
}
ctadevHello F5-Enthusiast,
Thank you for your response.
I would like to know if it is possible to apply the ASM security policy to the information sent in my URI?
For example, I have an ASM policy called "SUPREM_ASM_POLICY" that only allows the URI "/param1" and the parameter "value1".
I am using a curl command that triggers the iRule attached to the virtual server:
curl -X GET "https://<virtual-server-ip>/param1?value1=test" -H "accept: application/json" -k.
When I run this curl command, I want my iRule to retrieve the information "/param1?value1=test" and check if the URI and parameter match the rules defined in the ASM security policy.
If I run the curl command with the URI "/param1?value1=test", there should not be any error.
However, if I run the curl command with the URI "/param2?value1=test", I want to display an error message (because "param2" has not been declared in the ASM).
Is it possible to use my "SUPREM_ASM_POLICY" security policy in my iRule to verify this information?
(Edited to tag F5-Enthusiast. - Leslie)