Hey DeepSeek, can you write iRules?
Revisiting my article from 2 years ago, I asked the same question to DeepSeek and gave it the same tasks that I gave ChatGPT back then.
Hi Danielzi,
what should the iRule do? Show different ASM blocking pages based on different host name header?
Or show the violation data / blocking reason too?
KR
Daniel
Different blocking page for status response code 500+
- Daniel_Wolf, Feb 27, 2025
MVP
Hi Danielzi,
I'm travelling this week, I can write you such an iRule when I'm back home. However, I would be very cautious with 500+ HTTP status code pages. They might give attackers valuable information about the stack and frameworks used in your app. Like PHP version or DB server type.
KR
Daniel
- Danielzi, Feb 27, 2025
Altocumulus
Hi
Yes, you are right, but I don’t want to display the error code. I just want to show a different error page than the custom error page I currently have so that I can immediately notify the system administrators that it’s a server issue and not a blockage due to an illegal request.
- Daniel_Wolf, Mar 09, 2025
MVP
```tcl
when HTTP_RESPONSE {
    # Flag responses with status 502.
    # static:: variables are shared across connections, so the flag stays set until it is unset.
    if { [HTTP::status] == 502 } {
        set static::illegal_status 1
    }
}

when ASM_RESPONSE_VIOLATION {
    if { ( [info exists static::illegal_status] ) } {
        HTTP::header remove Content-Length
        foreach {viol} [ASM::violation names] {
            if {$viol eq "VIOLATION_HTTP_STATUS_IN_RESPONSE"} {
                set response "<html><head><title>WAF Block</title></head><body><h1>Blocked because of Illegal HTTP status in response</h1></body></html>"
                # Empty the original payload, then insert the custom page
                ASM::payload replace 0 [ASM::payload length] ""
                ASM::payload replace 0 0 $response
            }
        }
    }
}
```
Remarks:
- Maybe add a condition, so that this iRule only gets executed from internal IP addresses.
- Maybe change [HTTP::status] to match a regex instead
- Maybe add a catch statement to check if info exists
- Add an unset to illegal_status for cleaner code
My overall comment to this iRule: It’s not a story the Jedi would tell you. It’s a Sith legend.
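One way to fold the four remarks above into the rule, as an added example that is not code posted in this thread. The 10.0.0.0/8 internal range, the variable names `server_error` and `internal_client`, and the page text are assumptions, and a numeric range check stands in for the regex.

```tcl
# Added example, not the poster's iRule. Assumed values are marked below.
when HTTP_REQUEST {
    # Connection-local variables survive keep-alive requests, so reset per request.
    set server_error 0
    # Remark 1: only internal clients get the dedicated page.
    # 10.0.0.0/8 is an assumed internal range; replace with your own.
    set internal_client [IP::addr [IP::client_addr] equals 10.0.0.0/8]
}

when HTTP_RESPONSE {
    # Remark 2: cover every 5xx status (numeric range instead of a regex).
    if { [HTTP::status] >= 500 && [HTTP::status] <= 599 } {
        set server_error 1
    }
}

when ASM_RESPONSE_VIOLATION {
    # Remark 3: do nothing if the flags were never set for this connection.
    if { ![info exists server_error] || ![info exists internal_client] } {
        return
    }
    if { $server_error && $internal_client } {
        if { [lsearch -exact [ASM::violation names] "VIOLATION_HTTP_STATUS_IN_RESPONSE"] >= 0 } {
            # The page names no status code, stack or framework details.
            set response "<html><head><title>Server error</title></head><body><h1>The application server returned an error. Please contact the system administrators.</h1></body></html>"
            HTTP::header remove Content-Length
            ASM::payload replace 0 [ASM::payload length] ""
            ASM::payload replace 0 0 $response
        }
    }
    # Remark 4: clear the flag so it cannot leak into the next response.
    set server_error 0
}
```

Clients outside the assumed range keep receiving the policy's regular blocking page.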