James_Betts_290
Cirrus
CirrusSolved
ASM issue, need to return HTTP 500 to client in certain cases
I've written a script that captures the "Content-Type" header from requests. In the event that ASM blocks the request, I need to respond to the client with one of three types of responses (I'm using ...
This is not pretty but it works for the problem I had:
Note: 1. You must enable ASM events for the policy that you intend to invoke this with. 2. Make a custom blocking response page that is nothing but spaces and CR/LF that is as large as the iFile that you will be putting in ASM::payload. 3. In your iFile, use a "$" character where you want the ASM::support_ID to show when HTTP_REQUEST { set CT [string tolower [HTTP::header Content-Type]] log local0. "ASM-R-H: Content: $CT" } when ASM_REQUEST_BLOCKING { log local0. "ASM-R-H: Blocking Content: $CT" if the application type isn't SOAP then show the generic error if { ([string first $CT "application/soap"] < 0) && ([string first $CT "text/xml"] < 0) } { log local0. "ASM-R-H: HTML blocking [ASM::support_id]" ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/HTML-Error-Page"]] return } handle SOAP errors log local0. "ASM-R-H: XML blocking [ASM::support_id]" ASM::payload replace 0 0 [string map "$ [ASM::support_id]" [ifile get "/Common/SOAP-Error-Response"]] return } when ASM_REQUEST_DONE { if { not (([ASM::status] equals "blocked") || ([ASM::status] equals "alarmed")) } { return } if { ([string first $CT "application/json"] < 0) && ([string first $CT "application/javascript"] < 0) } { return } ASM::unblock log local0. "ASM-R-H: alarm status [ASM::status]" set JSONProblem [ASM::support_id] } when HTTP_RESPONSE { if { $JSONProblem == "" } { return } log local0. "ASM-R-H: alarm status $JSONProblem" HTTP::respond 500 content "Support ID $JSONProblem" }
