For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Song_chi_woon_2's avatar
Song_chi_woon_2
Icon for Nimbostratus rankNimbostratus
Nov 01, 2006

how to set iRule against DoS attack

Hi   I know the attack defense method such as CODred or Nimda in BIGIP.bigip system is able to filter out the cored,nimda by using to send the http requests   I want to know how to prevent to th...
application delivery
dev
devops
iRules
Yoda_34023's avatar
Yoda_34023
Icon for Nimbostratus rankNimbostratus
Nov 01, 2006
Hi I just merged the Nimda and CodeRed scripts into one and check the syntax was ok on my LTM.

 

 

------------------------------

 

CodeRed and Nimda prevention

 

------------------------------

 

when HTTP_REQUEST {

 

if {([HTTP::uri] contains "default.ida") or ([HTTP::uri] matches_regex ".*cmd.exe*.") or ([HTTP::uri] matches_regex ".*root.exe*.") or ([HTTP::uri] matches_regex ".*admin.dll*.") }

 

{

 

log local0. "client: [IP::client_addr], requested [HTTP::host][HTTP::uri]"

 

discard

 

} else {pool livepool}

 

}

 

 

Heres the log info (Modified of course):

 

 

Rule CodeRed_And_Nimda_Attack HTTP_REQUEST: client: , requested www.abc.com/root.exe

 

 

What I can't tell is if anything is getting blocked.