29-Aug-2019 01:58
Hello everyone,
I would love to receive your help to create an iRule allowing me to modify the response code (with a 500) of the blocking page of ASM when an illegal request is matched.
The goal is not to modify the global response page; that's why I want to do it in an iRule, so that this behavior happens only for one VS and not the others (which all use the same ASM policy).
Thank you very much in advance!
29-Aug-2019 04:54 - last edited on 01-Jun-2023 14:47 by JimmyPackets
Hi ebrc,
Can you try this iRule?
when HTTP_REQUEST {
    # Reset the flag at the start of every request
    set asmstatus "allowed"
}
when ASM_REQUEST_BLOCKING {
    # ASM is blocking this request
    set asmstatus "blocked"
}
when HTTP_RESPONSE_RELEASE {
    # log local0. "ASM Status: $asmstatus"
    if { $asmstatus equals "blocked" } {
        # Send a 500 with this content instead of the ASM blocking response
        HTTP::respond 500 content {
            <html>
            <head>
            <title>Lorem ipsum</title>
            </head>
            <body>
            Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non metus mauris.
            </body>
            </html>
        }
    }
}
30-Aug-2019 02:05
Thank you very much eaa!
As I see, in your iRule, the blocking page is completely replaced.
My challenge is to keep the blocking page exactly as it is in the ASM policy but just to replace the response code with 500.
30-Aug-2019 05:34 - last edited on 01-Jun-2023 14:47 by JimmyPackets
Hi,
iFile (asm_custom_response):

    <html>
    <head>
    <title>Request Rejected</title>
    </head>
    <body>
    The requested URL was rejected. Please consult with your administrator.<br><br>
    Your support ID is: $supportid <br><br><a href='javascript:history.back();'>[Go Back]</a>
    </body>
    </html>

iRule:

when HTTP_REQUEST {
    # Reset the flag at the start of every request
    set asmstatus "allowed"
}
when ASM_REQUEST_BLOCKING {
    # ASM is blocking this request; keep its support ID for the page
    set asmstatus "blocked"
    set supportid [ASM::support_id]
}
when HTTP_RESPONSE_RELEASE {
    # log local0. "ASM Status = $asmstatus"
    if { $asmstatus equals "blocked" } {
        # log local0. "Support ID = $supportid"
        # Substitute only variables ($supportid) in the iFile text;
        # bracketed commands and backslash sequences are left as-is
        HTTP::respond 500 content [subst -nocommands -nobackslashes [ifile get asm_custom_response]]
    }
}
05-Sep-2019 05:42
Thank you eaa!
I will try and give feedback then.
There is no way to just keep the ASM blocking page from ASM policy (that we already replaced by the customer's one) and just replace the error code?
I think your way will work, but we will have to maintain the same blocking page in 2 different places (ASM + iFile).
06-Sep-2019 05:05 - last edited on 01-Jun-2023 14:46 by JimmyPackets
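when ASM_REQUEST_BLOCKING {
    # Mark the request as blocked and save what ASM::payload returns
    set blocked 1
    set response [ASM::payload]
}
when HTTP_RESPONSE_RELEASE {
    # catch swallows the error raised when $blocked was never set
    catch {
        if { $blocked } {
            # Re-send the saved payload with a 500 status code
            HTTP::respond 500 content $response
        }
    }
}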
Something like this should work. The "catch" to prevent errors for not-blocked requests may be a bit crude. The thing eaa did with setting the indicator for all requests may be better. But this is shorter. I don't know, I'm not a programmer.