Forum Discussion
Return ASM Violation in Response
- Aug 20, 2020
I don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.
Something like this:
when ASM_REQUEST_BLOCKING {
set x [ASM::violation_data]
#c_ stands for "custom"
set c_brp "<html>
<head>
<title>This is a custom BRP!</title>
</head>
<body>
<h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>
</body>
</html>"
set c_brplen [string length $c_brp]
HTTP::header replace "Content-length" $c_brplen
#ASM already formed a BRP, so we delete it first and place ours instead
#d_ stands for "default"
set d_brplen [ASM::payload length]
ASM::payload replace 0 $d_brplen $c_brp
}
Thanks, Ivan
Hi Ivan,
Thanks for your response, I have gotten real value from your responses in this forum.
If possible, I would like to return the asm::violation names in the response page (reason for block in response). Use case is internal customers refuse to search support ID in SIEM. This would be implemented in a non-production environment.
Thanks,
L
- Ivan_ChernenkiiAug 20, 2020Employee
I don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.
Something like this:
when ASM_REQUEST_BLOCKING {
set x [ASM::violation_data]
#c_ stands for "custom"
set c_brp "<html>
<head>
<title>This is a custom BRP!</title>
</head>
<body>
<h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>
</body>
</html>"
set c_brplen [string length $c_brp]
HTTP::header replace "Content-length" $c_brplen
#ASM already formed a BRP, so we delete it first and place ours instead
#d_ stands for "default"
set d_brplen [ASM::payload length]
ASM::payload replace 0 $d_brplen $c_brp
}
Thanks, Ivan
- LBSep 01, 2020Cirrus
Thanks Ivan, I will try this.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com