Dave_P_130251
Jul 31, 2013

ASM and the 500 error

We protect many applications using the ASM, but one aspect has been driving me crazy: the 500 error. 99% of the time when someone gets the ASM response page and support ID, it is a web server throwing a 500. Of course we could just allow the 500, but that is not a good solution, so how do I stop the escalation of 500 errors to my team?

My initial thought is to have a normal attack-signature-type response page and then another "default" response page, but instead of just the support ID it would also contain the words "server error" or something to that effect, letting the users know that this was a server error and to check there first before coming to me. Am I able to create an iRule that, when an HTTP error of 500 is generated, uses the server error response page, and when it is something other than a 500, uses the true default ASM response page? I am not good at writing iRules, so I am hoping something like this already exists out there, because I cannot be the only ASM support guy that is sick of the 500 error.

Any help is greatly appreciated.

3 Replies

  • uni

    I suggest you look at the iRule event ASM_RESPONSE_VIOLATION. In this event you can handle the specific response for 500.

    You will need to enable this in the ASM policy as well. See Activating iRule Events in chapter 5 of the ASM configuration guide.

  • Hi, if you respond with an error page containing a message of a server error, you get the same as the original message of the server itself. It doesn't make sense. Then you can allow the 500 responses from the server, too ;-) It is a security feature that server errors are hidden. The question is: why do you get so many 500 errors? It sounds like a bad application.

  • Thanks for your responses. The text that will be the response would only slightly differ from the original default response page, with the wording "server error" or whatnot. This is just to alert the app teams that it was a server error and not a response to an attack signature or other ASM violation.