ASM::raise

Description

Issues a user-defined violation on the present request. The violation is added to other possible violations, either raised by the ASM or by previous invocations of this command. The consequent action is determined by the blocking setting per the raised violation, e.g. if the violation was set to block, then the request will be blocked.

Syntax

ASM::raise <violation-name> [<violation-details>]

ASM::raise <violation-name>

  • The name attribute of the violation. It must be a user-defined (custom) violation.

ASM::raise <violation-name> [<violation-details>]

  • A multimap, that is a list of key-value pairs, each pair being a list of two elements, adding information on the violation, where it occurred and what exactly caused it. For example offset and length into the original request, header name in which the problem was found, parameter name or value etc. The details are completely opaque to ASM which simply copies them to the log. No check is done on the completeness or validity of the list - it is the responsibility of the iRule developer to maintain it. The maximum number of elements in the array is 20. Note that the same key may have more than one value.

Notes:
  • If Session Awareness feature is enabled, then the raised violation will disregard any of the Session Awareness accounting and decisions.
  • Raising a blocking violation will not prevent the request from being sent to Antivirus scanning (if configured). This is different than the behavior when a built-in violation is detected by ASM in which case the request does not undergo antivirus scanning.

Examples

Buildup of the violation details and then issuing the violation:
when ASM_REQUEST_DONE {
  set x []
  set y []
  set z []
  lappend y key1 value1
  lappend z key1 value2
  lappend x $y $z
  log local0. $x

  ASM::raise my_custom_violation $x
}

The logged message will show:
{key1 value1} {key1 value2}

This is a more concrete example: it counts the number of violations, and if it exceeds 3, it issues a custom “too many violations” violation.
when ASM_REQUEST_DONE {
   if {[ASM::violation count] > 3 and [ASM::severity] eq "Error"} {
      ASM::raise VIOLATION_TOO_MANY_VIOLATIONS
   }
}