ltm rule command ASM raise
iRule(1) BIG-IP TMSH Manual iRule(1)
ASM::raise
Issues a user-defined violation on the request.
SYNOPSIS
ASM::raise VIOLATION_NAME (VIOLATION_DETAILS)?
DESCRIPTION
Issues a user-defined violation on the request. The violation is added to other possible violations, either raised by the
ASM or by previous invocations of this command. The consequent action is determined by the blocking setting per the raised
violation, e.g. if the violation was set to block, then the request will be blocked.
Syntax
ASM::raise
* The name attribute of the violation. It must be a user-defined
(custom) violation.
ASM::raise []
* A multimap, that is a list of key-value pairs, each pair being a
list of two elements, adding information on the violation, where it
occurred and what exactly caused it. For example offset and length
into the original request, header name in which the problem was
found, parameter name or value etc. The details are completely
opaque to ASM which simply copies them to the log. No check is done
on the completeness or validity of the list - it is the
responsibility of the iRule developer to maintain it. The maximum
number of elements in the array is 20. Note that the same key may
have more than one value.
Notes:
* If Session Awareness feature is enabled, then the raised violation
will disregard any of the Session Awareness accounting and
decisions.
* Raising a blocking violation will not prevent the request from
being sent to Antivirus scanning (if configured). This is different
than the behavior when a built-in violation is detected by ASM in
which case the request does not undergo antivirus scanning.
RETURN VALUE
VALID DURING
ASM_REQUEST_DONE, ASM_REQUEST_VIOLATION
EXAMPLES
Buildup of the violation details and then issuing the violation:
when ASM_REQUEST_DONE {
set x []
set y []
set z []
lappend y key1 value1
lappend z key1 value2
lappend x $y $z
log local0. $x
ASM::raise my_custom_violation $x
}
The logged message will show:
{key1 value1} {key1 value2}
This is a more concrete example: it counts the number of violations,
and if it exceeds 3, it issues a custom "too many violations"
violation.
when ASM_REQUEST_DONE {
if {[ASM::violation count] > 3 and [ASM::severity] eq "Error"} {
ASM::raise VIOLATION_TOO_MANY_VIOLATIONS
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.5.0 --First introduced the command.
BIG-IP 2022-04-12 iRule(1)