Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

iRule to modify response code for ASM blocking page

ebrc
Nimbostratus
Nimbostratus

‎29-Aug-2019 01:58

Hello everyone,

 

I would love to receive your help to create an irule allowing me to modify the response code (with a 500) of the blocking page of ASM when an illegal request is matched.

The goal is not to modify the global response page that's why I want to do it in an irule so that this behavior happen only for on VS and not the other (which all use the same ASM policy).

 

Thank you very much in advance!

0 Kudos
6 REPLIES 6

Enes_Afsin_Al
MVP
MVP

‎29-Aug-2019 04:54 - last edited on ‎01-Jun-2023 14:47 by Fog

Hi ebrc,

Can you try this iRule?

when HTTP_REQUEST {
	set asmstatus "allowed"
}
 
when ASM_REQUEST_BLOCKING {
	set asmstatus "blocked"
}
 
when HTTP_RESPONSE_RELEASE {
	# log local0. "ASM Status: $asmstatus"
	if { $asmstatus equals "blocked" } {
		HTTP::respond 500 content {
			<html>
			<head>
				<title>Lorem ipsum</title>
			</head>
			<body>
				Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non metus mauris.
			</body>
			</html>
		}
	}
}
0 Kudos

ebrc
Nimbostratus
Nimbostratus
In response to Enes_Afsin_Al

‎30-Aug-2019 02:05

Thank you very much eaa!

 

As I see, in your irule, the blocking page is completely replaced.

My challenge is to keep the blocking page exactly as it is in ASM POlicy but just to replace the response code by 500.

0 Kudos

Enes_Afsin_Al
MVP
MVP

‎30-Aug-2019 05:34 - last edited on ‎01-Jun-2023 14:47 by Fog

Hi,

iFile (asm_custom_response): 

<html>
<head>
    <title>Request Rejected</title>
</head>
<body>
    The requested URL was rejected. Please consult with your administrator.<br><br>
    Your support ID is: $supportid <br><br><a href='javascript:history.back();'>[Go Back]</a>
</body>
</html>

iRule:

when HTTP_REQUEST {
	set asmstatus "allowed"
}
 
when ASM_REQUEST_BLOCKING {
	set asmstatus "blocked"
	set supportid [ASM::support_id]
}
 
when HTTP_RESPONSE_RELEASE {
	# log local0. "ASM Status = $asmstatus"
	if { $asmstatus equals "blocked" } {
		# log local0. "Support ID = $supportid"
		HTTP::respond 500 content [subst -nocommands -nobackslashes [ifile get asm_custom_response]]
	}
}
0 Kudos

ebrc
Nimbostratus
Nimbostratus
In response to Enes_Afsin_Al

‎05-Sep-2019 05:42

Thank you eaa!

I will try and give feedback then.

 

There is no way to just keep the ASM blocking page from ASM policy (that we already replaced by the customer's one) and just replace the error code?

I think your way will work, but we will have to maintain the same blocking page in 2 different places (ASM + ifile)

0 Kudos

gersbah
Cirrostratus
Cirrostratus

‎06-Sep-2019 05:05 - last edited on ‎01-Jun-2023 14:46 by Fog 

when ASM_REQUEST_BLOCKING {
    set blocked 1
    set response [ASM::payload]
}
 
when HTTP_RESPONSE_RELEASE {
    catch {
        if { $blocked } {
            HTTP::respond 500 content $response
        }
    }
}

Something like this should work. The "catch" to prevent errors for not-blocked requests may be a bit crude. The thing eaa did with setting the indicator for all requests may be better. But this is shorter. I don't know, I'm not a programmer.

0 Kudos

ebrc
Nimbostratus
Nimbostratus

‎19-Sep-2019 04:36

Thanks guys for all your answers!

I really appreciate it. I'm waiting the customer now to schedule the different test.

I will let you know (but it may take some time).

0 Kudos
Copyright © 2023 Khoros, LLC