This event is triggered when ASM is generating the reject-response and gives the iRule a chance to modify that reject-response before it is sent.


This example modifies the ASM reject page when the evasion detected(a client side violation) is triggered by ASM.


  set x [ASM::violation_data]
  #marker bit to handle header change
  set activeViolation 1
  for {set i 0} { $i < 7 } {incr i} {
      switch $i {
      0         { log local0. "violation=[lindex $x $i]" }
      1         { log local0. "support_id=[lindex $x $i]" }
      2         { log local0. "web_application=[lindex $x $i]" }
      3         { log local0. "severity=[lindex $x $i]" }
      4         { log local0. "source_ip=[lindex $x $i]" }
      5         { log local0. "attack_type=[lindex $x $i]" }
      6         { log local0. "request_status=[lindex $x $i]" }


   if {([lindex $x 0] contains "VIOLATION_EVASION_DETECTED")}
      log local0. "VIOLATION_EVASION_DETECTED detected, let's customized reject page"

      #this really does not work like this
      #HTTP::header remove Content-Length
      #HTTP::header insert header_1 value_1

      set response "<html><head><title>Apology Page</title></head><body>We are sorry,\
         but the site you are looking for is temporarily out of service<br>\
         If you feel you have reached this page in error, please try again.</body></html>"

      ASM::payload replace 0 [ASM::payload length] ""
      ASM::payload replace 0 0 $response


   #catch for error if variable does not exist (no previous event ASM_REQUEST_BLOCKING)
   catch {
       #do only if  previous was event ASM_REQUEST_BLOCKING
       if { $activeViolation } {
           #modify respose header
           HTTP::header remove Content-Length
           HTTP::header insert header_1 value_1