ltm rule event ASM RESPONSE VIOLATION
iRule(1) BIG-IP TMSH Manual iRule(1)
ASM_RESPONSE_VIOLATION
Triggered when ASM detects that a response violates an ASM security
policy.
DESCRIPTION
This event is triggered when ASM detects that a response violates an
ASM security policy.
Examples
This example modifies the response page when the response scrubbing (a server side violation) is triggered by ASM.
when ASM_RESPONSE_VIOLATION
{
set x [ASM::violation_data]
for {set i 0} { $i < 7 } {incr i} {
switch $i {
0 { log local0. "violation=[lindex $x $i]" }
1 { log local0. "support_id=[lindex $x $i]" }
2 { log local0. "web_application=[lindex $x $i]" }
3 { log local0. "severity=[lindex $x $i]" }
4 { log local0. "source_ip=[lindex $x $i]" }
5 { log local0. "attack_type=[lindex $x $i]" }
6 { log local0. "request_status=[lindex $x $i]" }
}}
if {([lindex $x 0] contains "VIOLATION_RESPONSE_SCRUBBING")}
{
log local0. "VIOLATION_RESPONSE_SCRUBBING detected, let's modify"
ASM::payload replace 0 5 "method"
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-10.1.0 --First introduced the event.
BIG-IP 2017-01-31 iRule(1)