WScott_99092
Mar 25, 2011Nimbostratus
remove request content/body on ASM_REQUEST_VIOLATION
Hi,
Our goal is to allow the webapplications to serve up blocking pages (this is due to pages varying based on location within the same webapp).
The only way we've currently been able to manipulate the request appropriately is to place the WAF into passthrough mode and detect ASM violations.
As the request is passed through, the original request (which should have been blocked in the WAF was in blocking mode) is served to the underlying webapplications.
In order to limit security risks, we intend on cleansing the incoming request by removing headers, querystrings and submitted content.
The bellow iRule achieves most of this, but we have been unable to find a way to strip out the content/body of the incoming request.
Is there any way of stripping out this content?
Basic sanitizing iRule
when ASM_REQUEST_VIOLATION {
HTTP::header sanitize "host"
HTTP::header insert "ASM-VIOLATION-ID [lindex [ASM::violation_data] 1]"
HTTP::header replace "connection" "close"
HTTP::uri [HTTP::path]
}