For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrocumulus rankCirrocumulus
May 24, 2023
Solved

ASM block page for use with API waf policy

Hey all! I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the...
api
application delivery
BIG-IP Access Policy Manager (APM)
policy
  • Nikoolayy1's avatar
    Nikoolayy1
    May 25, 2023

    Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.

  • kimhenriksen's avatar
    kimhenriksen
    May 25, 2023

    Just an update from me. I found a much much simpler way to accomplish this.

    In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄

c27705074's avatar
c27705074
Icon for Altostratus rankAltostratus
Nov 13, 2023

Haha, appreciate it. 🤣

Do we remove the HTML in the Response Body? 

kimhenriksen's avatar
kimhenriksen
Icon for Cirrocumulus rankCirrocumulus
Nov 13, 2023

I didn´t. The systems that cant read the html just dont, but when people test manually they still got the page so it´s easily readable by both.

  • c27705074's avatar
    c27705074
    Icon for Altostratus rankAltostratus
    Nov 14, 2023

    Thank you.