Forum Discussion

Cirrocumulus

May 25, 2023

Solved

ASM block page for use with API waf policy

Hey all!

I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the screen.. when it´s an api call the service just gets a <!DO (the first characters of the webpage) and a 200 OK.

What I want to do I just return a 403 / 503 (or something like that) and just respond with the support ID in a header back to the source.

I´ve got most of it figured out, except the header part...

So... doesnt anyone know a good way for me to insert a support ID to a header response back to the client?

api

application delivery

BIG-IP Access Policy Manager (APM)

policy

Nikoolayy1
May 25, 2023
Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.
kimhenriksen
May 26, 2023
Just an update from me. I found a much much simpler way to accomplish this.
In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄

17 Replies

Nikoolayy1
MVP
May 25, 2023
Why not save the ASM::support_id to variable from the "ASM_REQUEST_DONE" event and then in the ''HTTP_RESPONSE'' event just insert the value in a header?

See:

https://clouddocs.f5.com/api/irules/ASM__support_id.html

https://clouddocs.f5.com/api/irules/ASM_REQUEST_DONE.html

https://clouddocs.f5.com/api/irules/ASM_REQUEST_BLOCKING.html

https://clouddocs.f5.com/api/irules/HTTP__header.html

Don't forget to enable the irule event triggering under the ASM policy as by default it is dissabled for some stupid reason.
kimhenriksen
Cirrocumulus
May 25, 2023
I did this first:
when ASM_REQUEST_VIOLATION {
set support_id [ASM::support_id]
#log local0. $support_id
HTTP::header insert ASM $support_id
}
when HTTP_RESPONSE {
#log local0. $support_id
HTTP::header insert ASM $support_id
#HTTP::header insert ASM2 testtest
}

But.. there´s no header receieved on the client end..
- Nikoolayy1
  MVP
  May 25, 2023
  Did you check what I mentioned ?
  
  Not when ASM_REQUEST_VIOLATION but ASM_REQUEST_DONE and the irule trigger should be enabled under the ASM policy and set to Normal mode not Compatible.
  
  https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-6-0/29.html
  - kimhenriksen
    Cirrocumulus
    May 25, 2023
    I´ll change the event and try again.
    I had already changed the irule setting before so events are triggering ok.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM block page for use with API waf policy

17 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

APM Access Policy|SSLVPN | SAML auth questionnaires

Cert Bundle Manager

PKI PIN works for users from one network, not the other.

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

r4600 Tenant CPU Assignment

Related Content

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

Response and blocking page

ASM blocked page redirect

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

WAF custom block page settings

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS