ASM_RESPONSE_VIOLATION SECTION doesnt see ASM violation

Question

Hi&nbsp;When i use this section in an irule it sees most violations so i can manage them but if the HTTP method is DELETE then this section doesnt get called. Why would that happen even though it is blocked in the ASM policy.&nbsp;Thanks

samstep · Answer

The key word here is RESPONSE. If you have a REQUEST with HTTP method DELETE then there is no ASM_RESPONSE_VIOLATION because the request never gets to the server, so there is no response and no response violation. and the reason why your request never gets to the server (pool member) is because the second F5 ASM sees the DELETE in the REQUEST it blocks it.

You should be using ASM_REQUEST_DONE if you want to catch the "Invalid Method" violation which is raised when DELETE method is blocked in the F5 ASM policy

Forum Discussion

ASM_RESPONSE_VIOLATION SECTION doesnt see ASM violation

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 XC articles published in the Technical Article section lately March 7 , 2023

F5 XC related articles in Technical Articles section of DevCentral

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

F5 XC articles published in the Technical Article section lately - Jan 29-2023

Separating False Positives from Legitimate Violations