iRules commands and events relating to the Application Security Manager (ASM) module

Command List

  • ASM::captcha - Responds with a CAPTCHA challenge
  • ASM::captcha_age - Returns the age of the CAPTCHA challenge in seconds
  • ASM::captcha_status - Returns the status of the user’s answer to the CAPTCHA challenge
  • ASM::client_ip - Returns the IP address of the end client that sent the present request
  • ASM::conviction - inject conviction honey traps in case of behavioral enforcement is enabled
  • ASM::deception - Marks a request as deceptive for further enforcement by ASM.
  • ASM::disable - Disables plugin processing on the connection.
  • ASM::enable - Enables plugin processing on the connection.
  • ASM::fingerprint - returns the FP id if available
  • ASM::is_authenticated - Returns true if the user in the present request is logged in
  • ASM::login_status - Request status of the login session tracked by one of the login pages defined in the policy.
  • ASM::microservice - returns the microservice matched for the request
  • ASM::payload - This command retrieves or replaces the payload collected by ASM.
  • ASM::policy - Returns the ASM policy applied on the request
  • ASM::raise - Issues a user-defined violation on the present request
  • ASM::severity - Returns the overall severity of the violations found in the transaction (both request and response)
  • ASM::signature - returns the list of signatures
  • ASM::status - Returns the current status of the request or response
  • ASM::support_id - Returns the support id of the present HTTP transaction
  • ASM::threat_campaign - Returns the list of threat campaigns
  • ASM::unblock - Overrides the blocking action for a request that had blocking violation
  • ASM::uncaptcha - Overrides the CAPTCHA action
  • ASM::username - request username from a login attempt throughout the login session.
  • ASM::violation - Returns the list of violations found in the present request or response together with details on each one
  • ASM::violation_data - This command exposes violation data using a multiple buffers instance
  • DOSL7::disable - Disables blocking and detection of DoS attacks according to the ASM security policy configuration
  • DOSL7::enable - Enables blocking and detection of DoS attacks according to the ASM security policy configuration
  • DOSL7::profile - returns the DOS profile from which the L7-DoS policy is extracted

Event List

  • ASM_REQUEST_BLOCKING - Triggered when ASM is generating the reject-response and gives the iRule a chance to modify that reject-response before it is sent.
  • ASM_REQUEST_DONE - triggered after ASM finished processing the request and found all violations of the ASM policy
  • ASM_REQUEST_VIOLATION - Triggered when ASM detects that a request violates an ASM security policy.
  • ASM_RESPONSE_LOGIN - Triggered on login page URL match in policy
  • ASM_RESPONSE_VIOLATION - Triggered when ASM detects that a response violates an ASM security policy.
  • IN_DOSL7_ATTACK - Triggered when ASM detects that a request violates an ASM security policy for Denial of Service attacks

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.