Forum Discussion
Joachim_Roessne
Mar 05, 2014Nimbostratus
Hi,
the LT policy is done by someone else. Here is the rule that is linked in the policy - if this is what you mean..
Trigger ASM iRule Event in the ASM is turned on and active. My iRule is pretty much the same as in the example.
when ASM_REQUEST_BLOCKING
{
set x [ASM::violation_data]
for {set i 0} { $i < 7 } {incr i} {
switch $i {
0 { log local0. "violation=[lindex $x $i]" }
1 { log local0. "support_id=[lindex $x $i]" }
2 { log local0. "web_application=[lindex $x $i]" }
3 { log local0. "severity=[lindex $x $i]" }
4 { log local0. "source_ip=[lindex $x $i]" }
5 { log local0. "attack_type=[lindex $x $i]" }
6 { log local0. "request_status=[lindex $x $i]" }
}}
if {([lindex $x 0] contains "VIOLATION_ATTACK_SIGNATURE_DETECTED")}
{
log local0. "VIOLATION_ATTACK_SIGNATURE_DETECTED detected, let's customized reject page"
HTTP::header remove Content-Length
HTTP::header insert header_1 value_1
set response "Apology PageWe are sorry,\
but the site you are looking for is temporarily out of service\
If you feel you have reached this page in error, please try again."
ASM::payload replace 0 [ASM::payload length] ""
ASM::payload replace 0 0 $response
}
}
Hope this helps. THX