AltocumulusHi,
If we have a certain header that is blocked by response code 405 and we need WAF to allow response code 405 if it sees this header in the request , how we can achieve that in F5?
MVPWAF is best solution rather then TCL iRule. Find the WAF seetings.
Navigate to Security ›› Application Security : Security Policies : Policies List ›› Select_WAF_Policy
General Setting --> Basic HTTP Message Settings --> SAVE & apply the policy
CirrusHi Logan, before setting an action did you tried Create a Blocking Exception:
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/25.html
&
Navigate to Security -> Application Security -> Security Policies -> Blocking Settings.
Add a new blocking exception rule that triggers on the condition where the specific header is present in the request and the response code is 405.
Configure the Blocking Exception:
Specify the condition to match the specific header (X-Custom-Header in your case) using the appropriate expression language provided by F5 ASM.
Set the action for this exception to allow the response code 405. You can specify the action to "Allow" or "Log" depending on your security policy requirements.
CirrusCan u pls try with irule if possible.
when HTTP_REQUEST {
if { [HTTP::header exists "X-Special-Header"] } {
set allow_405 1
} else {
set allow_405 0
}
}
when HTTP_RESPONSE {
if { $allow_405 } {
if { [HTTP::status] == 405 } {
# Allow the 405 response if the special header was present in the request
# Optionally log this event
log local0. "Allowing 405 response for request with X-Special-Header"
} else {
# Reset the allow_405 flag if the response status is not 405
set allow_405 0
}
}
}
AltocumulusHi,
what is the action for this part? it will allow 405 response code if it sees this special header in the request?
if { [HTTP::status] == 405 } {
# Allow the 405 response if the special header was present in the request
# Optionally log this event
log local0. "Allowing 405 response for request with X-Special-Header"