Forum Discussion

Nimbostratus

Feb 06, 2019

v13.1 How to overrule an ASM_RESPONSE_VIOLATION of attack type ATTACK_TYPE_INFORMATION_LEAKAGE

The ASM module first scans the request for violations. Without violations the request is then forwarded to the webserver. Next, the ASM module scans the response for violations. Currently, HTTP Respo...

Cirrocumulus

Feb 11, 2019

Allowing HTTP Response Code 500 to be returned to the client is a really bad design as it gives the potential attackers information on how to crash your application.

If you need to allow code 500 response for certain URLs then you can use ASM::disable in iRule

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

v13.1 How to overrule an ASM_RESPONSE_VIOLATION of attack type ATTACK_TYPE_INFORMATION_LEAKAGE

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

F5 AWAF/ASM ASM_RESPONSE_VIOLATION event seem to not trigger on 17.1.x

ASM_RESPONSE_VIOLATION SECTION doesnt see ASM violation

Re: ASM_REQUEST_BLOCKING not being triggered in iRule

Irule for logging Allowed Response status code

Re: Hey DeepSeek, can you write iRules?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS