For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vince_Beltz_959's avatar
Vince_Beltz_959
Icon for Nimbostratus rankNimbostratus
Oct 22, 2009

Drop Doesn't

I've implemented the following iRule to filter out certain user agents from connecting to our servers. Testing with Firefox and the Modify Headers add-on, it seems to work - I get a disconnected messa...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 22, 2009
Can you try this instead with added logging? 

 
 when HTTP_REQUEST { 
  
    log local0. "[IP::client_addr]:[TCP::client_port]: New [HTTP::method] request to [HTTP::host][HTTP::uri] with UA [HTTP::header User-Agent]" 
    switch -glob [string tolower [HTTP::header "User-Agent"]] { 
       "*torrent*" - 
       "*azureus*" - 
       "*windows-media-player*" - 
       "*microsoft-webdav-miniredir*" { 
          log local0. "[IP::client_addr]:[TCP::client_port]: Matched UA check. Closing TCP connection." 
          TCP::close 
       } 
       default { 
          log local0. "[IP::client_addr]:[TCP::client_port]: UA didn't check, redirecting." 
          HTTP::redirect http://targetsite.tld 
       } 
    } 
 }

If TCP::close doesn't work, can you try reject instead? This should trigger LTM to send a RST packet to the client.

Can you post anonymized copies of the logs from both TCP::close and reject?

Thanks,

Aaron