Forum Discussion
LB
Cirrus
CirrusReturn ASM Violation in Response
Hey folks, Is it possible to return the ASM violation in the response body? If so, what does that logic look like?
I don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.
Something like this:
when ASM_REQUEST_BLOCKING {
set x [ASM::violation_data]
#c_ stands for "custom"
set c_brp "<html>
<head>
<title>This is a custom BRP!</title>
</head>
<body>
<h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>
</body>
</html>"
set c_brplen [string length $c_brp]
HTTP::header replace "Content-length" $c_brplen
#ASM already formed a BRP, so we delete it first and place ours instead
#d_ stands for "default"
set d_brplen [ASM::payload length]
ASM::payload replace 0 $d_brplen $c_brp
}
Thanks, Ivan
LBCirrus
CirrusHi Ivan,
Thanks for your response, I have gotten real value from your responses in this forum.
If possible, I would like to return the asm::violation names in the response page (reason for block in response). Use case is internal customers refuse to search support ID in SIEM. This would be implemented in a non-production environment.
Thanks,
L
Ivan_Chernenkii
Employee
EmployeeI don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.
Something like this:
when ASM_REQUEST_BLOCKING {
set x [ASM::violation_data]
#c_ stands for "custom"
set c_brp "<html>
<head>
<title>This is a custom BRP!</title>
</head>
<body>
<h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>
</body>
</html>"
set c_brplen [string length $c_brp]
HTTP::header replace "Content-length" $c_brplen
#ASM already formed a BRP, so we delete it first and place ours instead
#d_ stands for "default"
set d_brplen [ASM::payload length]
ASM::payload replace 0 $d_brplen $c_brp
}
Thanks, Ivan
- LB
Thanks Ivan, I will try this.