Forum Discussion
cdjac0bsen
Nimbostratus
NimbostratusResponse status code block information
Was wondering how someone has handled keeping disallowed http response status codes away from hacker eyes yet allowed internal support to know what it was at a glance?
We use the rapid deploymen...
Sec-Enabled_658
Cirrostratus
CirrostratusHere is an Irule that I used to provide a way to correlate error codes with actual violations while not specifying the actual violation on the response page. In this Irule, I was handeling http response codes, but you could build on this to handle additional violations. The inside testers would know what error code correlated to which http response code. Ex. Error code 666 is actually a HTTP response code of "500" which is a violation
when HTTP_RESPONSE {
set responsecode [HTTP::status]
log local0. "Response code is $responsecode"
}
when ASM_RESPONSE_VIOLATION
{
set x [ASM::violation_data]
Set error code to 100/unknown
set errorcode 100
set supportid [lindex $x 1]
switch $responsecode {
"404" { set errorcode 777 }
"500" { set errorcode 666 }
"403" { set errorcode 888 }
}
log local0. "Response code $responsecode "
log local0. "Error code set to: $errorcode "
if {([lindex $x 0] contains "VIOLATION_HTTP_STATUS_IN_RESPONSE")}
{
HTTP::header remove Content-Length
HTTP::header insert header_1 value_1
log local0. "VIOLATION_HTTP_STATUS_IN_RESPONSE detected, modify response, support id : $supportid "
set response "Violation PageWe are sorry, but their is a problem with you request: $errorcode
Your support ID is: [lindex $x 1] ."
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 $response
}
}
