For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrocumulus rankCirrocumulus
May 25, 2023
Solved

ASM block page for use with API waf policy

Hey all! I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the...
api
application delivery
BIG-IP Access Policy Manager (APM)
policy
  • Nikoolayy1's avatar
    Nikoolayy1
    May 25, 2023

    Also keep in mind that ASM_REQUEST_DONE irule event will show you support id even for good requests, so if you want to insert the header only when there is violation then you can use ASM_REQUEST_BLOCKING as a replacement for ASM_REQUEST_DONE as it will trigger only for bad requests.

  • kimhenriksen's avatar
    kimhenriksen
    May 26, 2023

    Just an update from me. I found a much much simpler way to accomplish this.

    In the settings for the policy and under response and blocking pages, i edit and created a new header and just used the support id variable from the page on the header and that worked like a charm. No irules to apply or anything. 😄

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
May 25, 2023

Why not save the ASM::support_id to variable from the "ASM_REQUEST_DONE" event and then in the ''HTTP_RESPONSE'' event just insert the value in a header?

 

See:

 

https://clouddocs.f5.com/api/irules/ASM__support_id.html

 

https://clouddocs.f5.com/api/irules/ASM_REQUEST_DONE.html

 

https://clouddocs.f5.com/api/irules/ASM_REQUEST_BLOCKING.html

 

https://clouddocs.f5.com/api/irules/HTTP__header.html

 

 

Don't forget to enable the irule event triggering under the ASM policy as by default it is dissabled for some stupid reason.