iRule for ASM response page and error when use HTTP::respond
Hi I've problem about irule below which i try to customize information in response page of ASM via irule. In this case we trigger ASM_REQUEST_DONE and get all parameter of violation data.and we use HTTP::respond and send information needed to user. Problem is when we use HTTP::respond we got error in ltm log like this and connection is reset. (can't see any response page) Error :http_process_state_prepend - Invalid action:0x109071 clientside (192.168.1.154:50013 -> 192.168.200.22:80) ((null connflow)) (Client side: vip=/Common/VS_Auction profile=http pool=/Common/Pool_auction client_ip=192.168.1.154) Is there another way to send HTML respond to user? When we remove HTTP::respond line, It's working fine. when ASM_REQUEST_DONE { set x [ASM::violation_data] for {set i 0} { $i < 7 } {incr i} { switch $i { 0 { log local0. "violation=[lindex $x $i]" } 1 { log local0. "support_id=[lindex $x $i]" } 2 { log local0. "web_application=[lindex $x $i]" } 3 { log local0. "severity=[lindex $x $i]" } 4 { log local0. "source_ip=[lindex $x $i]" } 5 { log local0. "attack_type=[lindex $x $i]" } 6 { log local0. "request_status=[lindex $x $i]" } } } if {([lindex $x 6] == "blocked")} { In this case we only use 2 parameter: support id and source ip set supportid [lindex $x 1] set sourceip [lindex $x 4] HTTP::respond 200 content "Test block pagePage is currently unavailable. support id:$supportid source ip:$sourceip" "Content-Type" "text/html" } }
Response page additional information from triggered violation
Hi, Please help, We need for our dev tem provide a response page with some information like it is from (Gui - Triggered Violations details, once you click occurrensec arrow to see table details) So for exampl. Dev is testing new webapp and has been blocked, he see support id on respond page and we would like to give them details from triggered violations like: Detected keyword, attack signature, context, parameter level, actual parameter name, wildcard parameter and so on. It is test env so we can provide them this information. Is any chance to do that using iRule or other way? Thanks for providing any example for iRule or any link for parrameters needed to be add in iRule We cannot give dev team any Monitor access from gui, best regards