F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Song_chi_woon_2's avatar
Song_chi_woon_2
Icon for Nimbostratus rankNimbostratus
Oct 31, 2006

how to set iRule against DoS attack

Hi   I know the attack defense method such as CODred or Nimda in BIGIP.bigip system is able to filter out the cored,nimda by using to send the http requests   I want to know how to prevent to th...
application delivery
dev
devops
iRules
Yoda_34023's avatar
Yoda_34023
Icon for Nimbostratus rankNimbostratus
Nov 01, 2006
Hi I just merged the Nimda and CodeRed scripts into one and check the syntax was ok on my LTM.

 

 

------------------------------

 

CodeRed and Nimda prevention

 

------------------------------

 

when HTTP_REQUEST {

 

if {([HTTP::uri] contains "default.ida") or ([HTTP::uri] matches_regex ".*cmd.exe*.") or ([HTTP::uri] matches_regex ".*root.exe*.") or ([HTTP::uri] matches_regex ".*admin.dll*.") }

 

{

 

log local0. "client: [IP::client_addr], requested [HTTP::host][HTTP::uri]"

 

discard

 

} else {pool livepool}

 

}

 

 

Heres the log info (Modified of course):

 

 

Rule CodeRed_And_Nimda_Attack HTTP_REQUEST: client: , requested www.abc.com/root.exe

 

 

What I can't tell is if anything is getting blocked.