2funky_105078
Feb 26, 2018Cirrus
ASM: insert header when a virus is found
Hello,
I tried to configure a iRule to add a HTTP header in the POST request which uploads a file to an origin server.
This HTTP header should contain the ASM support ID only when there is a virus detected via ICAP, but it should NOT block the client request. I also configured in ASM policy "Trigger ASM iRule Events" in Normal Mode. I am using 12.1.2.
Do you have an idea?
I tried this but the HTTP header is not inserted (but i get a log message that the virus was found... Feb 26 17:48:38 bigip info tmm[23970]: Rule /Common/AV : VIOLATION_VIRUS_DETECTED detected, uri=/virus.php)
when ASM_REQUEST_VIOLATION
{
if {([ASM::violation_data] contains "VIOLATION_VIRUS_DETECTED")}
{
log local0. "VIOLATION_VIRUS_DETECTED detected, uri=[HTTP::uri]"
set supp_id [ASM::support_id]
}
}
when HTTP_REQUEST_RELEASE {
if {[info exists supp_id]} {
HTTP::header insert X-ASM-SUPPORT-ID "VIRUS DETECTEED and support ID $supp_id"
}
}