ICAP with iRule Response Page

Same deal here, we were told we could use LTM ICAP and tie it in with custom ASM violations. We were thinking about capturing the ICAP_Response error and passing this to ASM triggering a custom violation after the ASM_REQUEST_END event. I think the problem is that the ASM event will fire before the ICAP_Response as the ICAP irule is on the Internal VS, which processes the request after the HTTP VS, I'll have a chat to F5 about this in the week.

Yeah i contacted support and they didnt help so im going back to our F5 account team.

I'll keep you posted on anything i hear and if you could do the same I'd appreciate it.

I think this is what your referring to: https://devcentral.f5.com/questions/content-adaptation-for-http-requests-with-symantec

Have you seen the ASM::raise command? https://devcentral.f5.com/wiki/iRules.ASM__raise.ashx

ASM triggers after request adapt profile(aka ICAP). I have preliminary have created an iRule that works on detecting some ICAP results and then works in conjunction with ASM to raise custom violation - but I do need to test some more variants of it before I post something here for sharing. Stay tuned though!

The ICAP URL should be:

uri icap://${SERVER_IP}:${SERVER_PORT}/AVSCANREQ\?action=scan

201 - abort

200 - respond