Block HTTPS access from specific user agent
Dear community,
I want to block HTTPS access from a specific user agent (UA). I found the following topic, https://devcentral.f5.com/questions/block-a-user-agent-with-an-irule and I want some ideas on how to adapt this iRule as follows.
- I want to show "404" for this access and reject access to our web server.
- I sometimes want to allow a specific IP address using the blocked UA. How can I make such an exception?
The original one is below.
    when HTTP_REQUEST {
        # Log every User-Agent seen
        log local0. "User-Agent:[HTTP::header "User-Agent"]"
        # Exact, case-insensitive match on the blocked UA
        if { [string tolower [HTTP::header "User-Agent"]] == "mozilla/4.0" } {
            drop
            log local0. "Rejected request: [IP::remote_addr] User-Agent:[string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]"
        }
    }
Thanks in advance for your help, Naoki
If you're after the same functionality you can use the same rule. Don't mind the HTTP part of "when HTTP_REQUEST". The SSL profile will take care of the "S" in "HTTPS". :)
/Patrik
- Mick39_201768Nimbostratus
Patrik, thank you for your help. I'll try the rule. Could you tell me one more thing?
Is there any simple way to block both HTTP and HTTPS access? Do I have to write a similar iRule like "HTTP_REQUEST{..."? If I can integrate the two iRules, it would really help me.
Try this:
    when HTTP_REQUEST {
        log local0. "User-Agent:[HTTP::header "User-Agent"]"
        # Block the UA unless the client is the allowed IP
        if { [string tolower [HTTP::header "User-Agent"]] == "mozilla/4.0" && !([IP::addr [IP::client_addr] equals 1.1.1.1]) } {
            drop
            log local0. "Rejected request: [IP::remote_addr] User-Agent:[string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]"
        }
    }
Replace 1.1.1.1 with whatever IP you want to allow. Please note that this rule requires an SSL profile and an HTTP profile on the virtual server.
If you have multiple IPs it might be worth looking into a data group list.
Good luck!
/Patrik
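As an added example (not part of the original thread and not F5's own code), the 404 response asked for in the question and the data group exception suggested in the last reply can be combined as below. The address-type data group name `ua_block_exempt_ips` is hypothetical and has to be created on the BIG-IP first.

```tcl
# Added example. Assumes an address-type data group named
# ua_block_exempt_ips (hypothetical) holding the exempt client IPs/subnets.
when HTTP_REQUEST {
    # Normalize once; a missing header yields an empty string and never matches.
    set ua [string tolower [HTTP::header "User-Agent"]]

    # Only the exact UA string from the thread is treated as blocked.
    if { $ua ne "mozilla/4.0" } {
        return
    }

    # Exception: clients listed in the data group may use the blocked UA.
    if { [class match [IP::client_addr] equals ua_block_exempt_ips] } {
        log local0. "Allowed exempt client [IP::client_addr] with blocked User-Agent: $ua"
        return
    }

    # Log the rejection, then answer with a 404 instead of dropping the connection.
    log local0. "Rejected request: [IP::client_addr] User-Agent: $ua requested [HTTP::host][HTTP::uri]"
    HTTP::respond 404 content "Not Found" "Content-Type" "text/plain" "Connection" "close"
}
```

Because `HTTP_REQUEST` fires on any virtual server with an HTTP profile, the same iRule can be attached to both the port 80 and the SSL-terminated virtual server.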