ASM_RESPONSE_VIOLATION

Description¶

This event is triggered when ASM detects that a response violates an ASM security policy.

Examples¶

This example modifies the response page when the response scrubbing (a server side violation) is triggered by ASM.

when ASM_RESPONSE_VIOLATION
{

  set x [ASM::violation_data]

  for {set i 0} { $i < 7 } {incr i} {
      switch $i {
      0         { log local0. "violation=[lindex $x $i]" }
      1         { log local0. "support_id=[lindex $x $i]" }
      2         { log local0. "web_application=[lindex $x $i]" }
      3         { log local0. "severity=[lindex $x $i]" }
      4         { log local0. "source_ip=[lindex $x $i]" }
      5         { log local0. "attack_type=[lindex $x $i]" }
      6         { log local0. "request_status=[lindex $x $i]" }

   }}

   if {([lindex $x 0] contains "VIOLATION_RESPONSE_SCRUBBING")}
   {
      log local0. "VIOLATION_RESPONSE_SCRUBBING detected, let's modify"
      ASM::payload replace 0 5 "method"
   }
}

Related Information¶

Available Commands:

ASM::payload - This command retrieves or replaces the payload collected by ASM.
ASM::violation_data - This command exposes violation data using a multiple buffers instance
HTTP::header - Queries or modifies HTTP headers.

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Introduced: BIGIP-10.1.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

ASM_RESPONSE_VIOLATION¶

Description¶

Examples¶

Related Information¶