Forum Discussion
Kai_Wilke
Jan 12, 2017MVP
Hi Ghislain,
I'm using a layered approach for my violation pages.
- If an violation occours somewhare on the page, the request will be redirected to the landing page, with a query string appended containing an b64encoded SupportID (e.g.
)./default.html?RequestID=[b64encode [ASM::support_id]]
- If a violation occours and a the RequestID parameter is present, the violation response will not trigger the HTTP-Redirect to the landing page again. Instead it will directly serve a HTTP Err403 response to the client that the request was blocked.
This behavior gives us a good user experience (no explicit error messages), still allows easy troubleshootings (via embedded query string information) and implements a decent protection for redirect loops, which may occour if the redirected request to the error page would trigger a violation again (e.g. disallowed/misconfigured user-agents, etc.).
Cheers, Kai