NimbostratusHI, I am new to F5, so need some help here.
I have been asked to block HTTP error 500 occasionally coming from one of our applications, but I have no idea how to do it - apparently I need ASM module? We have BIG-IP 3600 running version 11.2.1
Cirrus
Cirrusyou can do this without using ASM module. By using Irule either you can redirect to any other application page or send custom response in case of 500 RespCode.
Redirect to error Page.
when HTTP_RESPONSE {
if { [HTTP::status] eq "500" } {
HTTP::redirect "www.abc.com/error.html" }
}
Send Custom Response
when HTTP_RESPONSE {
if { [HTTP::status] eq "500" } {
HTTP::respond 200 content {
Error
Please contact support.
}
}
}
CirrocumulusIf you use ASM module then HTTP Response Code 500 is blocked by default. Check out the excerpt from the ASM manual:
"Configuring the allowed response status codes
By default, the Application Security Manager accepts all response codes from 1xx to 3xx as valid responses. Response codes from 4xx to 5xx are considered invalid unless added to the Allowed Response Status Codes list. By default, 400, 401, 404, 407, 417, and 503 are on the list as valid HTTP response status codes.If a response contains a response status code from 4xx to 5xx that is not on the list, the system issues the violation, Illegal HTTP status in response. If you configured the security policy to block this violation, the system blocks the response. "
Hope this helps,
Sam
Nimbostratusthank you all for great answers