The Blocking Reponse Page is blocked and looping :-)
Hi there,
On our ASM, for the Blocking Reponse Page, we use a redirect to a page on the application server:
So the browser is requesting
https://the.server/path-to/blocking-page?param=123456789
or so (which also goes through the ASM).
That works OK, most of the time.
What we have noticed is that occasionally, the request for that blocking page is blocked itself, causing a loop.
On one occasion, it appears that the cause was a mobile device that caused an HTTP Protocol Compliance violation.
That resulted in blocking and a request for the Blocking Response Page, which again caused that same HTTP Protocol Compliance violation, which resulted in blocking, which ...
Today I reproduced the issue by making Firefox use a "User-Agent: wget test" header. This triggers the Attack Signature "Automated client access wget", which again triggers the blocking page request loop.
Has anyone found an easy / straightforward / effective way to address this?
We will eventually run version 10.2.1, so I was thinking of an irule like
when ASM_REQUEST_VIOLATION {
if the requested URI is the Blocking Response Page
then HTTP::respond with a simple error message instead of the Javascript redirect
}
This should work I think, but I'm wondering if anyone else has faced this issue, and found an elegant solution.
Thanks and kind regards,
Arthur