Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Mar 30, 2015 Severity: 3-Major
Matched ASM signatures cannot be accessed easily from iRules.
It is very difficult to make rules that have different behavior according to specific signatures.
A signature was matched.
The signatures IDs can be seen through the violation_details, but difficult parsing is required to get these and act upon these.
The following commands have been added to the ASM_REQUEST_DONE event. ASM::signature ids - Returns the IDs of signatures. ASM::signature names - Returns a list with the names of the signatures found in the transaction. ASM::signature set_names - Returns a list with the set names of the signatures. Also note that further fixes added the staged signatures: ASM::signature staged_ids - Returns a list of staged signatures IDs. ASM::signature staged_names - Returns a list of staged signatures names. ASM::signature staged_set_names - Returns a list of staged signatures set names. Note that the signature names list is limited to 3 signatures and the signature IDs list is limited to 10 signatures.
iRules commands have been added to retrieve the matched signature IDs, names and sets. The following commands have been added to the ASM_REQUEST_DONE event. ASM::signature ids - Returns the IDs of signatures. ASM::signature names - Returns a list with the names of the signatures found in the transaction. ASM::signature set_names - Returns a list with the set names of the signatures. Also note that further fixes added the staged signatures: ASM::signature staged_ids - Returns a list of staged signatures IDs. ASM::signature staged_names - Returns a list of staged signatures names. ASM::signature staged_set_names - Returns a list of staged signatures set names. Note that the signature names list is limited to 3 signatures and the signature IDs list is limited to 10 signatures.