Forum Discussion

Nimbostratus

Mar 24, 2011

remove request content/body on ASM_REQUEST_VIOLATION

Hi, Our goal is to allow the webapplications to serve up blocking pages (this is due to pages varying based on location within the same webapp). The only way we've currently been a...

Cirrostratus

Mar 25, 2011

You should be able to replace the payload with nothing using ASM::payload:

http://devcentral.f5.com/wiki/default.aspx/iRules/ASM__payload.html

ASM::payload replace 0 [ASM::payload length] ""

Also be aware that HTTP::header sanitize won't remove all headers--it leaves these:

Connection, Content-Encoding, Content-Length, Content-Type, Proxy-Connection, Set-Cookie, Set-Cookie2, and Transfer-Encoding

HTTP::header sanitize [header name]+

* Removes all headers except the ones you specify and the following: Connection, Content-Encoding, Content-Length, Content-Type, Proxy-Connection, Set-Cookie, Set-Cookie2, and Transfer-Encoding.

* Note that the Host header (required by HTTP/1.1) is removed unless explicitly specified.

* This command can be used in the client-side or server-side context, depending on whether you want to sanitize request and/or response headers.

* If you are using the command in the server-side context, you may want to consider adding Location to the list of retained headers if your application requires they be sent to clients.

* If you are using the command in the client-side context, you may want to consider adding Cookie, Accept, and Accept-Encoding to the list of retained headers.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)