Custom HTML page for ASM Virus Detection - ICAP
Hello Folks, One of customers is using KasperSky Proxy server as an ICAP integration with ASM. (Running on 11.3.0 HF8). Which is working well, and ICAP is detecting malicious and legitimate file well. Now the requirement comes as to display a custom HTML page when ASM detects a Virus based on ICAP confirmation. I have tried creating an iRule by taking help from DecCentral, and made something as following. when ASM_REQUEST_BLOCKING { set x [ASM::violation_data] for {set i 0} { $i < 7 } {incr i} { switch $i { 0 { log local0. "violation=[lindex $x $i]" } 1 { log local0. "support_id=[lindex $x $i]" } 2 { log local0. "web_application=[lindex $x $i]" } 3 { log local0. "severity=[lindex $x $i]" } 4 { log local0. "source_ip=[lindex $x $i]" } 5 { log local0. "attack_type=[lindex $x $i]" } 6 { log local0. "request_status=[lindex $x $i]" } }} if {([lindex $x 5] contains "ATTACK_TYPE_MALICIOUS_FILE_UPLOAD")} { HTTP::header remove Content-Length HTTP::header insert header_1 value_1 set response "Apology PageWe are sorry,\ but the site you are looking for is temporarily out of service\ If you feel you have reached this page in error, please try again." ASM::payload replace 0 [ASM::payload length] "" ASM::payload replace 0 0 $response } } However it seems that iRule is not triggering at all. Any idea what I am missing here? Thank you, Darshan