
Custom response page for an API

Here is a custom blocking response specific to aWaf, adapted for an API and returning status code 406; the example below handles a Maximum Length violation:

 

 

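when ASM_REQUEST_BLOCKING {
    # Build a compact JSON error body when ASM blocks a request for a JSON
    # "Maximum Length Violation". HTTP_RESPONSE_RELEASE sends this body in
    # place of the default ASM blocking page.
    set violationDetails [ASM::violation details]
    set supportID [ASM::support_id]
    if { [regexp {json_error\.error \{Maximum Length Violation\}} $violationDetails] } {
        # Require all three fields before building the response; otherwise the
        # default blocking page is kept instead of erroring on an unset variable.
        if { [regexp {json_error\.tag \{(.+?)\}} $violationDetails _ jsonErrorTag]
             && [regexp {json_error\.received ([0-9.]+)} $violationDetails _ jsonErrorReceived]
             && [regexp {json_error\.expected ([0-9.]+)} $violationDetails _ jsonErrorExpected] } {
            # The tag is the JSON path of the offending field, taken from the
            # blocked request, so it is not trusted: escape backslashes, quotes
            # and line breaks so the reflected value cannot break out of the
            # JSON string it is embedded in.
            set safeTag [string map [list "\\" "\\\\" "\"" "\\\"" "\n" "\\n" "\r" "\\r"] $jsonErrorTag]
            set customResponse "{\"error\": \"Maximum Length Violation\", \"json_error.tag\": \"$safeTag\", \"json_error.received\": $jsonErrorReceived, \"json_error.expected\": $jsonErrorExpected, \"SupportID\": \"$supportID\"}"
            # Set the flag only after the body exists so the response event
            # never reads an unset customResponse.
            set maxLengthViolation 1
            # Discard the default blocking page; the JSON body replaces it.
            ASM::payload replace 0 [ASM::payload length] ""
        }
    }
}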

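when HTTP_RESPONSE_RELEASE {
    # Swap the ASM blocking response for the JSON body prepared in
    # ASM_REQUEST_BLOCKING. Both variables are checked because the request
    # event may have stopped before customResponse was assigned.
    if { [info exists maxLengthViolation] && [info exists customResponse] } {
        # A failed respond is logged rather than silently swallowed, so a
        # broken custom page is visible in the LTM log during troubleshooting.
        if { [catch {
            HTTP::respond 406 content $customResponse "Content-Type" "application/json"
        } respondError] } {
            log local0. "custom 406 response failed: $respondError"
        }
    }
}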

 

 

 

 

Result:

 

 

{
    "error": "Maximum Length Violation",
    "json_error.tag": "$.livraison.adresse_l42_rue",
    "json_error.received": 53.000000,
    "json_error.expected": 38.000000,
    "SupportID": "7413896671462963248"
}

 

 

 

 

Updated iRule:

 

 

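when ASM_REQUEST_BLOCKING {
    # Build a JSON body with type, title, detail and status fields when ASM
    # blocks a request for a JSON "Maximum Length Violation".
    # HTTP_RESPONSE_RELEASE sends this body in place of the default ASM
    # blocking page.
    set violationDetails [ASM::violation details]
    set supportID [ASM::support_id]
    if { [regexp {json_error\.error \{Maximum Length Violation\}} $violationDetails] } {
        # All three fields must be present and both lengths numeric, or the
        # default blocking page is kept rather than erroring on an unset
        # variable or a failed int() conversion.
        if { [regexp {json_error\.tag \{(.+?)\}} $violationDetails _ jsonErrorTag]
             && [regexp {json_error\.received ([0-9.]+)} $violationDetails _ jsonErrorReceived]
             && [regexp {json_error\.expected ([0-9.]+)} $violationDetails _ jsonErrorExpected]
             && [string is double -strict $jsonErrorReceived]
             && [string is double -strict $jsonErrorExpected] } {
            set jsonErrorReceivedInt [expr {int($jsonErrorReceived)}]
            set jsonErrorExpectedInt [expr {int($jsonErrorExpected)}]
            # The tag is the JSON path of the offending field, taken from the
            # blocked request, so it is not trusted: escape backslashes, quotes
            # and line breaks before it is reflected inside the JSON string.
            set safeTag [string map [list "\\" "\\\\" "\"" "\\\"" "\n" "\\n" "\r" "\\r"] $jsonErrorTag]
            set customResponse [format "{\"type\": \"Business error\",\"title\": \"Maximum Length Violation\", \"detail\": \"%s may only be %d characters, %d found - SupportID: %s\", \"status\": 406}" $safeTag $jsonErrorExpectedInt $jsonErrorReceivedInt $supportID]
            # Set the flag only after the body exists so the response event
            # never reads an unset customResponse.
            set maxLengthViolation 1
            # Discard the default blocking page; the JSON body replaces it.
            ASM::payload replace 0 [ASM::payload length] ""
        }
    }
}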

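when HTTP_RESPONSE_RELEASE {
    # Swap the ASM blocking response for the JSON body prepared in
    # ASM_REQUEST_BLOCKING. Both variables are checked because the request
    # event may have stopped before customResponse was assigned.
    if { [info exists maxLengthViolation] && [info exists customResponse] } {
        # A failed respond is logged rather than silently swallowed, so a
        # broken custom page is visible in the LTM log during troubleshooting.
        if { [catch {
            HTTP::respond 406 content $customResponse "Content-Type" "application/json"
        } respondError] } {
            log local0. "custom 406 response failed: $respondError"
        }
    }
}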

 

 

 

Published Jun 26, 2023
Version 1.0