Forum Discussion

Nimbostratus

Apr 13, 2017

Set HTTP::header when ASM_REQUEST_DONE

I want to set a header within the ASM_REQUEST_DONE event. I have the logic to do what I need but it does not set the header. There are examples on this site of people doing it but it does not work fo...

Nacreous

Apr 17, 2017

Hi, you could try something like this:

when ASM_REQUEST_DONE {
    if { [ASM::status] ne "clear" } {
        foreach {viol} [ASM::violation names] {
          log local0. "Violation is $viol"
          if {$viol eq "VIOLATION_HTTP_SANITY_CHECK_FAILED"} {
              log local0. "Yep, found VIOLATION_HTTP"
                set violation_http_found 1
            } 
        }
    }
}
when HTTP_RESPONSE_RELEASE {
    if { [info exists violation_http_found] } {
        HTTP::header insert WAF VIOLATION_HTTP
        unset violation_http_found
    }
}

Regards.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Set HTTP::header when ASM_REQUEST_DONE

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

(HTTP) Redirection via Arbitrary Host Header

Log Http Headers

APM HTTP Connector request and HTTP Headers

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS