Forum Discussion

fredlubrano's avatar
fredlubrano
Icon for Cirrus rankCirrus
Apr 11, 2023

custum reponse page for api

here is a custom response specific to aWaf adapted for the API and status code (406), ex for Maximum Length :

 

 

 

when ASM_REQUEST_BLOCKING {
    set violationDetails [ASM::violation details]
    set supportID [ASM::support_id]
    if { [regexp {json_error.error \{Maximum Length Violation\}} $violationDetails] } {
        set maxLengthViolation 1
        regexp {json_error.tag \{(.+?)\}} $violationDetails _ jsonErrorTag
        regexp {json_error.received ([0-9.]+)} $violationDetails _ jsonErrorReceived
        regexp {json_error.expected ([0-9.]+)} $violationDetails _ jsonErrorExpected
        set customResponse "{\"error\": \"Maximum Length Violation\", \"json_error.tag\": \"$jsonErrorTag\", \"json_error.received\": $jsonErrorReceived, \"json_error.expected\": $jsonErrorExpected, \"SupportID\": \"$supportID\"}"
        ASM::payload replace 0 [ASM::payload length] ""
    }
}

when HTTP_RESPONSE_RELEASE {
    catch {
        if { [info exists maxLengthViolation] } {
            HTTP::respond 406 content $customResponse "Content-Type" "application/json"
        }
    }
}

 

 

 result  :

 

 

{
    "error": "Maximum Length Violation",
    "json_error.tag": "$.livraison.adresse_l42_rue",
    "json_error.received": 53.000000,
    "json_error.expected": 38.000000,
    "SupportID": "7413896671462963248"
}

 

 

 

security

6 Replies

Sort By
  • fredlubrano's avatar
    fredlubrano
    Icon for Cirrus rankCirrus
    Apr 18, 2023

    Update iRule :

     

    when ASM_REQUEST_BLOCKING {
    set violationDetails [ASM::violation details]
    set supportID [ASM::support_id]
    if { [regexp {json_error.error \{Maximum Length Violation\}} $violationDetails] } {
        set maxLengthViolation 1
        regexp {json_error.tag \{(.+?)\}} $violationDetails _ jsonErrorTag
        regexp {json_error.received ([0-9.]+)} $violationDetails _ jsonErrorReceived
        regexp {json_error.expected ([0-9.]+)} $violationDetails _ jsonErrorExpected
        set jsonErrorReceivedInt [expr {int($jsonErrorReceived)}]
        set jsonErrorExpectedInt [expr {int($jsonErrorExpected)}]
        set customResponse [format "{\"type\": \"Business error\",\"title\": \"Maximum Length Violation\", \"detail\": \"%s may only be %d characters, %d found - SupportID: %s\", \"status\": 406}" $jsonErrorTag $jsonErrorExpectedInt $jsonErrorReceivedInt $supportID]
        ASM::payload replace 0 [ASM::payload length] ""
    }
}

when HTTP_RESPONSE_RELEASE {
    catch {
        if { [info exists maxLengthViolation] } {
            HTTP::respond 406 content $customResponse "Content-Type" "application/json"
        }
    }
}
  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Ret. Employee
    Apr 18, 2023

    Nice, fredlubrano! I've nominated this to become a post in CrowdSRC, where users share solutions like this. I'm also featuring it in today's Community Highlights article so more people can see it!