Forum Discussion
Altostratusbase on HTTP header irules to blocked request
EmployeeHello Chen Zhe,
What are you trying to achieve? If you want to block all requests which don't contains any of these 4 headers, then it would be better just create such rule in iRule or you can create attack signature with such rule (e.g content:!"access-token"; nocase; content:!"authentication"; nocase;....)
Thanks, Ivan
AltostratusHi Ivan,
thank you!
Achieve you guess is right,detail: block all request which don't contains any of these 4 headers,unless shome HOST or host+uri .
but,rules didn't work as I expected。
when hit whilelist fist,at the end rules it hit discard again.
when HTTP_REQUEST {
if {[HTTP::header exists token] or [HTTP::header exists access-token] or [HTTP::header exists authentication] or [HTTP::header exists authorization]}{
ASM::enable "/Common/base-on-header-string"
}
#following all fuction is whitelist.
if { [class match [HTTP::host] contains domain_whiltlist] } {
ASM::enable "/Common/base-on-header-string"
}
if { [HTTP::host] == "meetingroomip-uat.bba-app.com" || [HTTP::host] == "meeting-inspection.bba-app.biz" } {
if {[class match [HTTP::uri] contains meeting] } {
ASM::enable "/Common/base-on-header-string"
}
}
if { [HTTP::host] == "bestyou-uat.bba-app.com" || [HTTP::host] == "bestyou.bba-app.biz" } {
if { [class match [HTTP::uri] contains bestyou] } {
ASM::enable "/Common/base-on-header-string"
}
}
else{
discard
}
