Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Return ASM Violation in Response

Go to solution
LB
Cirrus
Cirrus

‎14-Aug-2020 07:23

Hey folks,

 

Is it possible to return the ASM violation in the response body?

 

If so, what does that logic look like?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Ivan_Chernenkii
F5 Employee
F5 Employee
In response to LB

‎20-Aug-2020 13:28

I don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.

Something like this:

when ASM_REQUEST_BLOCKING {

set x [ASM::violation_data]

#c_ stands for "custom"

set c_brp "<html>

         <head>

         <title>This is a custom BRP!</title>

         </head>

         <body>

         <h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>

         </body>

        </html>"

  set c_brplen [string length $c_brp]

 

HTTP::header replace "Content-length" $c_brplen

 

#ASM already formed a BRP, so we delete it first and place ours instead

#d_ stands for "default"

set d_brplen [ASM::payload length]

ASM::payload replace 0 $d_brplen $c_brp

}

 

Thanks, Ivan

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Ivan_Chernenkii
F5 Employee
F5 Employee

‎19-Aug-2020 15:22

Hello,

 

Do you want to return violation in case of Blocking in Blocking Response Page OR you want to insert it in response from backend server?

What is use case of such data?

 

Thanks, Ivan

0 Kudos

Go to solution
LB
Cirrus
Cirrus

‎20-Aug-2020 02:15

Hi Ivan,

 

Thanks for your response, I have gotten real value from your responses in this forum.

 

If possible, I would like to return the asm::violation names in the response page (reason for block in response). Use case is internal customers refuse to search support ID in SIEM. This would be implemented in a non-production environment.

 

Thanks,

L

0 Kudos

Go to solution
Ivan_Chernenkii
F5 Employee
F5 Employee
In response to LB

‎20-Aug-2020 13:28

I don't know how to do it in simple way, but you can try to use ASM iRule for this purpose.

Something like this:

when ASM_REQUEST_BLOCKING {

set x [ASM::violation_data]

#c_ stands for "custom"

set c_brp "<html>

         <head>

         <title>This is a custom BRP!</title>

         </head>

         <body>

         <h1>The request was blocked and next violations were detected: [lindex $x 0].</h1>

         </body>

        </html>"

  set c_brplen [string length $c_brp]

 

HTTP::header replace "Content-length" $c_brplen

 

#ASM already formed a BRP, so we delete it first and place ours instead

#d_ stands for "default"

set d_brplen [ASM::payload length]

ASM::payload replace 0 $d_brplen $c_brp

}

 

Thanks, Ivan

0 Kudos

Go to solution
LB
Cirrus
Cirrus
In response to Ivan_Chernenkii

‎01-Sep-2020 13:29

Thanks Ivan, I will try this.

0 Kudos
Copyright © 2023 Khoros, LLC