av scanning
2 Topics

ASM Custom Violation for ICAP Scanning

Hello Folks,

I recently started building ICAP AV Scanning configurations on F5 LTM. Looks like most of it is pretty easy to configure following some docs on the support site. But the blocker is, I'm trying to raise a violation using iRules and ASM custom violations. Please see the iRule below:

    when ADAPT_REQUEST_RESULT {
        log local0. "ICAP response is [ADAPT::result]"
        # Flag the request when the ICAP result does not contain "modify"
        if { ! ([ADAPT::result] contains "modify") } {
            set icap_blocked 1
            ADAPT::result bypass
        } else {
            set icap_blocked 0
        }
    }

    when ASM_REQUEST_DONE {
        # Raise the user-defined violation "ICAP" for flagged requests
        if { [info exists icap_blocked] && $icap_blocked == 1 } {
            ASM::raise ICAP
            log local0. "Raising custom ASM Violation."
            set icap_blocked 0
        }
    }

So far, scanning the files and allowing or blocking the request is working just fine. When it comes to raising a custom violation to the user when a malicious file is uploaded, I'm not seeing any response pages I set on ASM. Please see the procedure below:

1. Configured AV Scanning following the document (link above)
2. Created a security policy on ASM with Blocking enforcement mode (Security->Application Security->Security Policies)
3. Created a custom violation under Security->Options->Application security->Advanced Configuration->Violation list->User-Defined Violations->create. See below

Now, created a blocking response page under Security->Application Security->Blocking->Response Pages. See below

Response Headers:

    HTTP/1.1 200 OK
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: close

Response Body:

    Request Rejected
    The requested URL was rejected. Please consult with your administrator.
    Your support ID is: <%TS.request.ID()%>

After assigning the iRule to the ICAP virtual server, I uploaded a virus file from a web portal that points to the ICAP virtual IP, and it's being blocked. But I'm not seeing the response page I created.

Any help is much appreciated! Thanks

I know this is too much information. Just thought it would help someone in future. I appreciate your patience 🙂

Enable Request Adapt for Specific uri's

Hello Folks,

I'm having trouble configuring a Request Adapt profile for specific URIs. Here is the scenario: I have a VIP that redirects different URIs to different pools. One of the URIs (https://example.com/doc/upload) requires antivirus scanning. I'm using ICAP for this.

I went through some documentation on F5 support and created ICAP and Request Adapt profiles for this, and when I apply the Request Adapt profile to the standard VIP, it's breaking all other URI redirections and giving a reset. I think it's because the requests are going to the ICAP internal server instead of to an actual pool.

So how would I allow only specific URIs to go through the Request Adapt profile for AV scanning? I have an iRule that uses the HTTP_Request event as well as the ACL_ALLOWED event to match URIs and select the pools.

Any help is much appreciated. Thanks in advance!