cancel
Showing results for 
Search instead for 
Did you mean: 

[Irule][ASM] Header name with no header value

Hoang_Hung
Altostratus
Altostratus

Hi all

I have setup a ASM profile and all my application will through BIG-IP WAF.

But I have a issue " HTTP Protocol Compliance Failed: Header name with no header value " for a resquest with header name " abc" has no value.

I can bypass it by unblock or disable rule Header name with no header. But

This will be applied on all headers. I need to do only with one header. one option I know is to create the iRule.

 

Plz help me for use irule with header name "abc"

 

Thanks

Hoang Hung

3 REPLIES 3

oguzy
Cirrostratus
Cirrostratus

Hi Hoang Hung,

 

You can check this article: Disabling a violation for a URL using an iRule (f5.com)

According to article, first get the violation name in a separate irule and then use that violation name in second irule with your host header condition. Do not forget to change the "Specific_ASM_Violation" value with the name of matched violation, when the request with header name "abc" has no value.

when ASM_REQUEST_DONE { if {[ASM::violation names] contains "Specific_ASM_Violation" and [HTTP::header "abc"] equals "" } { ASM::unblock log local0. "ASM unblocking" } }

 

 

Thank Oguzy

I was been read article, I saw F5 use irule get violation name.

But I had event log on F5. Is it Http protocol compliance failed , right ?

0691T00000DzxiLQAR.pngThanks

Hoang Hung

Hi Hoang,

 

Could you please try to determine the exact violation name using the following steps:

 

  1. Log in to the Configuration utility.
  2. Go to Local Traffic iRules > iRule list.
  3. Select Create.
  4. For Definition, enter the following iRule code:
  5. when ASM_REQUEST_DONE {
  6. log local0. "ASM violation name: [ASM::violation names]"
  7. }
  8. Select Update.
  9. Associate the iRule with the appropriate virtual server.
  10. Send a request that triggers the violation that you want to forward to the OWS.
  11. Log in to the BIG-IP command line and search for the name of the violation.
  12. For example:
  13. grep -i violation /var/log/ltm
  14. The following log entry shows an example of a violation name as it should be used in the iRule:
  15. tmm[25875]: Rule /Common/asm_violation <ASM_REQUEST_DONE>: ASM violation name: VIOLATION_ILLEGAL_METHOD
  16. After you determine the violation name that you want to use in the iRule, you can remove the previous iRule from the virtual server configuration.