block request on page type - help

Question

Hi there everyone,

At our shop, we would like to setup an iRule that will either deny access or drop request based on a request type.  For example, if a request comes in for /*.php we would like the request to not make it to our web servers.  We are .net and .cf shop but we get tons of request for .php files. Most of these are bots looking for know exploits and it is overwhelming our web servers.

I have inherited the current setup we have and i'm new to irules so any pointers would be greatly appreciated.

Thanks.

yaxzone_100047 · Answer

Looking at various rules, i've put together the following...   Any ideas anyone? 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;    if {[HTTP::uri] contains ".php"]} { 
&nbsp;       HTTP::redirect "http://www.google.com" 
&nbsp;       drop 
&nbsp;    } 
&nbsp; } &nbsp;

hoolio · Answer

You could be more specific and check the HTTP path (URI minus the query string):

when HTTP_REQUEST {

Check for unwanted filetypes
   switch -glob [string tolower [HTTP::path]] {
      "*.php" -
      "*.exe" -
      "*.dll" {
         Reset the TCP connection
         reject
      }
   }
}

Aaron

yaxzone_100047 · Answer

hoolio,  
&nbsp;  
&nbsp; Thanks a lot.  I will give that a try.  &nbsp;

Forum Discussion

block request on page type - help

Recent Discussions

F5 LTM listening on 3306

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Statistics ›› Analytics : HTTP : Overview

Related Content

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

Response and blocking page

ASM Sanitize Blocking Page Requests

Block requests by reverse DNS record

ASM blocked page redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS