17-Sep-2021 09:52
Hi all
I have setup a ASM profile and all my application will through BIG-IP WAF.
But I have a issue " HTTP Protocol Compliance Failed: Header name with no header value " for a resquest with header name " abc" has no value.
I can bypass it by unblock or disable rule Header name with no header. But
This will be applied on all headers. I need to do only with one header. one option I know is to create the iRule.
Plz help me for use irule with header name "abc"
Thanks
Hoang Hung
17-Sep-2021
12:05
- last edited on
04-Jun-2023
19:18
by
JimmyPackets
Hi Hoang Hung,
You can check this article: Disabling a violation for a URL using an iRule (f5.com)
According to article, first get the violation name in a separate irule and then use that violation name in second irule with your host header condition. Do not forget to change the "Specific_ASM_Violation" value with the name of matched violation, when the request with header name "abc" has no value.
when ASM_REQUEST_DONE {
if {[ASM::violation names] contains "Specific_ASM_Violation" and [HTTP::header "abc"] equals "" } {
ASM::unblock
log local0. "ASM unblocking"
}
}
17-Sep-2021 20:14
Thank Oguzy
I was been read article, I saw F5 use irule get violation name.
But I had event log on F5. Is it Http protocol compliance failed , right ?
Thanks
Hoang Hung
18-Sep-2021 00:37
Hi Hoang,
Could you please try to determine the exact violation name using the following steps:
24-Oct-2023 00:44
Ahoi,
what is exactly unblocked here? What if i have multiple violations in one request? Are they all unblocked if one of them contains what is defined in the irule?
Is there another way to remove the empty cookie or header before it reaches the asm processing?