Forum Discussion
base on HTTP header irules to blocked request
Hello Chen Zhe,
What are you trying to achieve? If you want to block all requests which don't contains any of these 4 headers, then it would be better just create such rule in iRule or you can create attack signature with such rule (e.g content:!"access-token"; nocase; content:!"authentication"; nocase;....)
Thanks, Ivan
- Chen_ZheJul 13, 2020Altostratus
Hi Ivan,
thank you!
Achieve you guess is right,detail: block all request which don't contains any of these 4 headers,unless shome HOST or host+uri .
but,rules didn't work as I expected。
when hit whilelist fist,at the end rules it hit discard again.
when HTTP_REQUEST {
if {[HTTP::header exists token] or [HTTP::header exists access-token] or [HTTP::header exists authentication] or [HTTP::header exists authorization]}{
ASM::enable "/Common/base-on-header-string"
}
#following all fuction is whitelist.
if { [class match [HTTP::host] contains domain_whiltlist] } {
ASM::enable "/Common/base-on-header-string"
}
if { [HTTP::host] == "meetingroomip-uat.bba-app.com" || [HTTP::host] == "meeting-inspection.bba-app.biz" } {
if {[class match [HTTP::uri] contains meeting] } {
ASM::enable "/Common/base-on-header-string"
}
}
if { [HTTP::host] == "bestyou-uat.bba-app.com" || [HTTP::host] == "bestyou.bba-app.biz" } {
if { [class match [HTTP::uri] contains bestyou] } {
ASM::enable "/Common/base-on-header-string"
}
}
else{
discard
}
- Ivan_ChernenkiiJul 13, 2020Employee
I didn't get your further "whitelist" part...
Do you want not enforce in case of whitelist?.. then you need ASM: disable.
Also, you have
when HTTP_REQUEST {
if {[HTTP::header exists token] or [HTTP::header exists access-token] or [HTTP::header exists authentication] or [HTTP::header exists authorization]}{
ASM::enable "/Common/base-on-header-string"
}
which means apply ASM policy in case of at least one header exists... While AFAIU you didn't want to block it. Please, clarify.
- Chen_ZheJul 14, 2020Altostratus
thank you for your reply, forgot it.
I changed irules to meet the requirements, but I encountered problems related to if, elseif, else. and i asked new question.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com