ltm rule event ASM RESPONSE VIOLATIONΒΆ

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



ASM_RESPONSE_VIOLATION
       Triggered when ASM detects that a response violates an ASM security
       policy.

DESCRIPTION
       This event is triggered when ASM detects that a response violates an
       ASM security policy.

Examples
	This example modifies the response page when the response scrubbing (a server side violation) is triggered by ASM.
	when ASM_RESPONSE_VIOLATION
	{

	  set x [ASM::violation_data]

	  for {set i 0} { $i < 7 } {incr i} {
	      switch $i {
	      0 	{ log local0. "violation=[lindex $x $i]" }
	      1 	{ log local0. "support_id=[lindex $x $i]" }
	      2 	{ log local0. "web_application=[lindex $x $i]" }
	      3 	{ log local0. "severity=[lindex $x $i]" }
	      4 	{ log local0. "source_ip=[lindex $x $i]" }
	      5 	{ log local0. "attack_type=[lindex $x $i]" }
	      6 	{ log local0. "request_status=[lindex $x $i]" }

	   }}

	   if {([lindex $x 0] contains "VIOLATION_RESPONSE_SCRUBBING")}
	   {
	      log local0. "VIOLATION_RESPONSE_SCRUBBING detected, let's modify"
	      ASM::payload replace 0 5 "method"
	   }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-10.1.0 --First introduced the event.



BIG-IP				  2017-01-31			      iRule(1)