Forum Discussion
Bob_10976
Mar 26, 2012Nimbostratus
Blocking Specific User-Agent
Hello all,
I'm attempting to block any traffic that comes in with the User-Agent that contains github.com/tenderlove/mechanize. Using the fourms I came up with the below iRule, however I'm getting an error message when I check it. I'm not sure what I'm missing.
when HTTP_REQUEST {
if { HTTP::header "User-Agent" contains "github.com/tenderlove/mechanize"} {
reject
}
}
Error on check: line 2: [parse error: PARSE syntax 32 {syntax error in expression " HTTP::header "User-Agent" contains "github.com/tenderlove/m...": variable references require preceding $}] [{ HTTP::header "User-Agent" contains "github.com/tenderlove/mechanize"}]
Any thoughts on or suggetions?
Thanks,
Bob
- hooleylistCirrostratusHi Bob,
when HTTP_REQUEST { log local0. "[IP::client_addr]:[TCP::client_port]: User-Agent: [string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]" if { [string tolower [HTTP::header "User-Agent"]] contains "github.com/tenderlove/mechanize"} { log local0. "[IP::client_addr]:[TCP::client_port]: Rejected request" reject } }
- Bob_10976NimbostratusThank you!
- Bob_10976Nimbostratus
Not sure what I'm doing wrong here, but the rule doesn't appear to be working as expected. Using Firefox addon I can change my user agent to show the github info and I can confirm in the IIS logs that the user agent is showing the github info, but the traffic isn't being dropped.
when HTTP_REQUEST { log local0. "User-Agent:[HTTP::header "User-Agent"]" if { [HTTP::header "User-Agent"] contains "github.com/tenderlove/mechanize"} { reject } } [\code] Any thoughts or suggetions on what I can do better here? Thanks, Bob
- hooleylistCirrostratusHi Bob,
- Bob_10976NimbostratusThanks Hoolio.. But I nothing is reporting, either through the BigIP Browser GUI or in the /var/log/ltm Its a if the traffic isn't going through that VS, but I'm postitive its the right one..
- Bob_10976NimbostratusThanks Hoolio.. But I nothing is reporting, either through the BigIP Browser GUI or in the /var/log/ltm Its a if the traffic isn't going through that VS, but I'm postitive its the right one..
- hooleylistCirrostratusCan you try testing from the command line of the BIG-IP to the virtual server using curl?
- Bob_10976NimbostratusOk..I think I found the issue..or at least the start of the problem. When I logged into the LTM via putty I noticed my Primary is now the Secondary.. I've got to figure out when and why they switched before I move forward.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects