ASM and the 500 error
We protect many applications using the ASM but one aspect has been driving me crazy, the 500 error. 99% of the time when some one gets the ASM response page and support id it is a webserver throwing a 500. Of course we could just allow the 500 but that is not a good solution so how do I stop the escalation of 500 errors to my team?
My initial thought is to have a normal attack signature type response page and then another "default" response page but instead of just the support id it would also contain the words server error or something to that effect letting the users know that this was a server error and to check there first before coming to me. Am I able to create an irule that when an http error of 500 is generated use the server error response page then when it is something other than a 500 use the true default asm response page? I am not good at writing irules so I am hoping something like this already exists out there because I cannot be the only ASM support guy that is sick of the 500 error.
Any help is greatly appreciated.