Forum Discussion
URL rewrite iRule - ASM
ASM is blocking a request which doesn't have the domain name in one of the parameters in the URI.
Background: example.domain.com is a VIP and has ASM enabled. Below is the breakdown of the default login page URL, which changes per request. The issue is that one of the parameters (resource_url) is missing the domain name, example.domain.com, before the context root, /user/loginsso, so ASM thinks it's a web command execution attack and blocks it. I don't want to unblock ASM for this particular request type.
I think rewriting the URI fixes the issue, but:
- if it is an LTM iRule, does ASM trigger based on the source URL or the rewritten URL?
- if based on the source URL, then what are the config changes to be done in the ASM?
- a couple of parameters in the URL change per request, so I'm not sure how to use the string map. Please help.
https://example.domain.com/login/login.html
?bmctx=some random ID that changes per request
&contextType=external
&miscCookies=disablehttponly
&username=string
&OverrideRetryLimit=1
&password=secure_string
&challenge_url=https://example.domain.com/login/login.html
&ssoCookie=disablehttponly
&DCCCtxCookieMaxLength=5000
&request_id=some ID that changes per request
&authn_try_count=0
&locale=en_US
&resource_url=/user/loginsso
Expected:
resource_url=https://example.domain.com/user/loginsso
Hi Harsha,
the HTTP_REQUEST event is executed before ASM receives the request. If you manipulate the request within this event, ASM is going to enforce its policy based on the already manipulated request.
The iRule below will check for the badly formatted login page requests and transparently rewrite them to the correct format.
when HTTP_REQUEST {
    if { [string match -nocase "/login/login.html*&resource_url=/user/loginsso*" [HTTP::uri]] } then {
        HTTP::uri [string map -nocase { "&resource_url=/user/loginsso" "&resource_url=https://example.domain.com/user/loginsso" } [HTTP::uri]]
    }
}
Cheers, Kai
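The rule above keys on resource_url being the last parameter of the query string. As an added example (not part of the thread, and not Kai's code), the variant below reads the parameter by name with URI::query so its position does not matter, only rewrites when the value is a bare relative path, builds the target from a fixed origin rather than the client-supplied Host header, and logs each rewrite so the change can be correlated with ASM event logs. It assumes the same VIP and host name, example.domain.com, as the question, and that the resource_url value is not percent-encoded in the query string.

```tcl
# Added example iRule, not from the original thread.
# Rewrites a scheme-less resource_url on the SSO login page before ASM sees it.
when HTTP_REQUEST {
    # Only the login page is affected; leave every other request untouched
    if { ![string equal -nocase [HTTP::path] "/login/login.html"] } { return }

    # Read the parameter wherever it sits in the query string
    # (returns "" when the parameter is absent)
    set res [URI::query [HTTP::uri] "resource_url"]

    # Rewrite only a relative path starting with "/". Anything else,
    # including a value that already carries a scheme, passes through
    # unchanged for ASM to evaluate as-is.
    if { ![string match "/*" $res] } { return }

    # Fixed origin, deliberately not [HTTP::host]: the Host header is
    # client-supplied and must not decide where the rewritten URL points.
    set origin "https://example.domain.com"

    # Replace only the exact "resource_url=<value>" pair in the query string.
    # Assumes the value appears unencoded, as in the question's example URL.
    set new_query [string map [list "resource_url=${res}" "resource_url=${origin}${res}"] [HTTP::query]]
    HTTP::uri "[HTTP::path]?${new_query}"

    # Trace the rewrite so it can be matched against ASM request logs
    log local0. "resource_url rewritten for [IP::client_addr]: ${res} -> ${origin}${res}"
}
```

Because this runs in HTTP_REQUEST, ASM enforces its policy on the rewritten URI, as Kai describes; the policy itself needs no change for this request type, and the log line gives you a way to confirm that the request ASM evaluated is the corrected one.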