Forum Discussion
Kai_Wilke
Apr 08, 2017MVP
Hi Manoranajn,
take a look to the iRule below. It uses a less complicated approach to debug log the violation data and updates in addition the "Content-Length" header information, after changing the response.
when ASM_REQUEST_BLOCKING {
set x [ASM::violation_data]
log local0.debug "violation=[lindex $x [set i 0]]"
log local0.debug "support_id=[lindex $x [incr i]]"
log local0.debug "web_application=[lindex $x [incr i]]"
log local0.debug "severity=[lindex $x [incr i]]"
log local0.debug "source_ip=[lindex $x [incr i]]"
log local0.debug "attack_type=[lindex $x [incr i]]"
log local0.debug "request_status=[lindex $x [incr i]]"
if { [lindex $x 0] contains "ATTACK_TYPE_OTHER_APPLICATION_ACTIVITY" } then {
log local0.debug "ATTACK_TYPE_OTHER_APPLICATION_ACTIVITY detected, let's customized reject page"
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 "Request Rejected PageSorry, access to this site is restricted."
HTTP::header remove "Content-Length"
HTTP::header insert "Content-Length" [ASM::payload length]
}
}
Cheers, Kai