Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

[Irule][ASM] Header name with no header value

Hoang_Hung
Cirrus
Cirrus

‎17-Sep-2021 09:52

Hi all

I have setup a ASM profile and all my application will through BIG-IP WAF.

But I have a issue " HTTP Protocol Compliance Failed: Header name with no header value " for a resquest with header name " abc" has no value.

I can bypass it by unblock or disable rule Header name with no header. But

This will be applied on all headers. I need to do only with one header. one option I know is to create the iRule.

 

Plz help me for use irule with header name "abc"

 

Thanks

Hoang Hung

Labels:
0 Kudos
4 REPLIES 4

oguzy
Cirrostratus
Cirrostratus

‎17-Sep-2021 12:05 - last edited on ‎04-Jun-2023 19:18 by Fog

Hi Hoang Hung,

You can check this article: Disabling a violation for a URL using an iRule (f5.com)

According to article, first get the violation name in a separate irule and then use that violation name in second irule with your host header condition. Do not forget to change the "Specific_ASM_Violation" value with the name of matched violation, when the request with header name "abc" has no value.

when ASM_REQUEST_DONE {
  if {[ASM::violation names] contains "Specific_ASM_Violation" and [HTTP::header "abc"] equals "" } {
    ASM::unblock
    log local0. "ASM unblocking"
  }
}
0 Kudos

Hoang_Hung
Cirrus
Cirrus
In response to oguzy

‎17-Sep-2021 20:14

Thank Oguzy

I was been read article, I saw F5 use irule get violation name.

But I had event log on F5. Is it Http protocol compliance failed , right ?

0691T00000DzxiLQAR.pngThanks

Hoang Hung

0 Kudos

oguzy
Cirrostratus
Cirrostratus
In response to Hoang_Hung

‎18-Sep-2021 00:37

Hi Hoang,

 

Could you please try to determine the exact violation name using the following steps:

 

  1. Log in to the Configuration utility.
  2. Go to Local Traffic iRules > iRule list.
  3. Select Create.
  4. For Definition, enter the following iRule code:
  5. when ASM_REQUEST_DONE {
  6. log local0. "ASM violation name: [ASM::violation names]"
  7. }
  8. Select Update.
  9. Associate the iRule with the appropriate virtual server.
  10. Send a request that triggers the violation that you want to forward to the OWS.
  11. Log in to the BIG-IP command line and search for the name of the violation.
  12. For example:
  13. grep -i violation /var/log/ltm
  14. The following log entry shows an example of a violation name as it should be used in the iRule:
  15. tmm[25875]: Rule /Common/asm_violation <ASM_REQUEST_DONE>: ASM violation name: VIOLATION_ILLEGAL_METHOD
  16. After you determine the violation name that you want to use in the iRule, you can remove the previous iRule from the virtual server configuration.

 

0 Kudos

Irre_Levant
Altocumulus
Altocumulus
In response to oguzy

‎24-Oct-2023 00:44

Ahoi,

what is exactly unblocked here? What if i have multiple violations in one request? Are they all unblocked if one of them contains what is defined in the irule?

Is there another way to remove the empty cookie or header before it reaches the asm processing?


greets
Irre
0 Kudos
Copyright © 2023 Khoros, LLC