ASM::unblock

Description

Overrides the blocking action for a request that had blocking violations. Consequently, the request will be forwarded to the origin server and also marked with a special “unblocked” flag which can be viewed in the request log. If the present request was not supposed to be blocked then the command has no effect.

Syntax

ASM::unblock

ASM::unblock

  • Notes
    • Violations from an unblocked request will not be learned for policy modification, neither manually nor automatically.
    • The command applies to requests only. It is not possible to unblock a response in which violations were found.
    • The command does not apply to requests that are part of attacks such as Web Scraping or Brute Force login attacks.
    • An unblocked request will not be sent to Antivirus scanner.
    • The command takes effect even if it is followed by ASM::raise command with a blocking violation.

Examples

when ASM_REQUEST_DONE {
  set i 0
  foreach {viol} [ASM::violation names]{
  if {$viol eq VIOLATION_ILLEGAL_PARAMETER} {
    set details [lindex [ASM::violation details] $i]
    set param_name [b64_decode [llookup $details "param_data.param_name"]]
    #remove the bad parameter from the QS - does not work right in all cases, just for illustration!
    regsub -all "\?.*($param_name=[^\&]*)" [HTTP::uri] "?" $new_uri
    HTTP::uri $new_uri
    ASM::unblock
  }
  set i [expr {$i+1}]
}