Forum Discussion

Nimbostratus

Feb 15, 2016

HTTP::header - match on 'Cookie' header entry

I'd like to use a rule to block client to REST server connections, as only server-to-server should be allowed for REST services. Does the following look sound? The idea is to block client connectio...

MVP

Feb 15, 2016

Hi Eric,

you may try the syntax below, to "soft-block" the most common Browser-based User-Agents...

when HTTP_REQUEST {
    if { ( [HTTP::header value "User-Agent"] contains "Mozilla" ) or 
         ( [HTTP::header value "User-Agent"] contains "Opera" ) } then {
         reject
    }
}

Note: I've to second Kevin's opinion. Using such an ACL is more or less just providing Security-by-Obscurity... 😉

Note: Test the iRule carefully to not block legitimate API traffic. The chances are there, that a developer is using somehow a browser-based User-Agent string...

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)