Forum Discussion

jba3126's avatar
jba3126
Icon for Cirrus rankCirrus
Jun 21, 2018

I have the following iRule that at least the browser detection is working; however I'm uncertain as to how to test the tcp_rst action.

when BOTDEFENSE_ACTION {
    if { [BOTDEFENSE::action] eq "browser_challenge" || [BOTDEFENSE::action] eq "tcp_rst" }  {
        set log "BOTDEFENSE:"
        set hsl [HSL::open -proto TCP -pool /Common/HSL-Syslog]
        append log " source [IP::remote_addr]"
        append log " vs [virtual]"
        append log " host [HTTP::host]"
        append log " uri [HTTP::uri]"
        append log " cs_possible [BOTDEFENSE::cs_possible]"
        append log " cs_allowed [BOTDEFENSE::cs_allowed]"
        append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
        append log " cookie_status [BOTDEFENSE::cookie_status]"
        append log " cookie_age [BOTDEFENSE::cookie_age]"
        append log " device_id [BOTDEFENSE::device_id]"
        append log " captcha_status [BOTDEFENSE::captcha_status]"
        append log " captcha_age [BOTDEFENSE::captcha_age]"
        append log " default action [BOTDEFENSE::action]"
        append log " reason \"[BOTDEFENSE::reason]\""
     Remove comment on line below if you want to see bot defense logs in /var/log/ltm
        log local0. $log
       HSL::send $hsl $log
       }
     }

/jeff