Bug ID 515180: Matched ASM signatures cannot be accessed easily from iRules.

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
13.0.0

Opened: Mar 30, 2015
Severity: 3-Major

Symptoms

Matched ASM signatures cannot be accessed easily from iRules.

Impact

It is very difficult to make rules that have different behavior according to specific signatures.

Conditions

A signature was matched.

Workaround

The signatures IDs can be seen through the violation_details, but difficult parsing is required to get these and act upon these.

Fix Information

The following commands have been added to the ASM_REQUEST_DONE event. ASM::signature ids - Returns the IDs of signatures. ASM::signature names - Returns a list with the names of the signatures found in the transaction. ASM::signature set_names - Returns a list with the set names of the signatures. Also note that further fixes added the staged signatures: ASM::signature staged_ids - Returns a list of staged signatures IDs. ASM::signature staged_names - Returns a list of staged signatures names. ASM::signature staged_set_names - Returns a list of staged signatures set names. Note that the signature names list is limited to 3 signatures and the signature IDs list is limited to 10 signatures.

Behavior Change

iRules commands have been added to retrieve the matched signature IDs, names and sets. The following commands have been added to the ASM_REQUEST_DONE event. ASM::signature ids - Returns the IDs of signatures. ASM::signature names - Returns a list with the names of the signatures found in the transaction. ASM::signature set_names - Returns a list with the set names of the signatures. Also note that further fixes added the staged signatures: ASM::signature staged_ids - Returns a list of staged signatures IDs. ASM::signature staged_names - Returns a list of staged signatures names. ASM::signature staged_set_names - Returns a list of staged signatures set names. Note that the signature names list is limited to 3 signatures and the signature IDs list is limited to 10 signatures.