Different Blocking pages for different violation?
I have an application that is going to start uploading files to the application, so I am going to use the ICAP hook in that ASM has to an AV scan engine to inspect those files before they reach the server. The application owner wants to have a different blocking page appear than appears for the for the rest of the site. Right now I can think of two ways to handle this
1. Create a seperate class and policy for the URI that is going to be doing the file uploads so that I can create a seperate custom blocking page.
2. Create an iRule using the ASM_REQUEST_VIOLATION event and ASM::violation_data commands to present a different page for Virus detected violation.
Does anyone have any other thoughts on this or another way to do this. Right now I am kind of leaning towards option 2 even though I am not great at iRules I have written a few and I think I can reuse that logic if needed if they have another violation that need specific blocking page.
Anyone have any thoughts about trying to get the violation data down to the web server so that the application owner can make the decision about what blocking page to provide?