Forum Discussion

mraful_64014
Sep 09, 2011

I need opinions on how to handle rejects

I have written an iRule to reject certain URI requests. As of now, the user would receive a simple 404 error, HTTP::respond 404. However, I don't want a potential hacker to be aware that something exists between him and the web server. What do some of you do? Do you write your own web page? Simply redirect them to another page on the web server? Thanks.
  • George_Watkins_
    Historic F5 Account
    Hi mraful,

    This is a great place to use a honeypot. If you know the approximate rate of requests a normal user would make to a virtual, you can set an upper bound of 10x the normal usage. If that user exceeds that threshold, then throw that user into a separate pool that goes nowhere. The table command (http://devcentral.f5.com/wiki/iRules.table.ashx) is great for counting things and expiring those counters after a certain period of time.

    Hope this helps,

    George
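The approach described in the reply above, sketched as an iRule. This is an added example, not code posted in the thread: the pool name honeypot_pool, the subtable names reqrate and flagged, and every number in RULE_INIT are assumptions.

```tcl
when RULE_INIT {
    # Assumption: a normal client makes about 20 requests per minute.
    set static::window_sec 60
    set static::normal_rate 20
    # Upper bound of 10x normal usage, as suggested in the reply.
    set static::max_requests [expr {$static::normal_rate * 10}]
    # How long a flagged client stays diverted (assumed value).
    set static::penalty_sec 600
}

when HTTP_REQUEST {
    set client [IP::client_addr]

    # Already flagged: keep sending this client to the dead-end pool.
    # -notouch keeps the lookup from resetting the entry's idle timer.
    if { [table lookup -notouch -subtable flagged $client] ne "" } {
        pool honeypot_pool
        return
    }

    # Count this request; table incr creates the entry on first use.
    set count [table incr -subtable reqrate $client]
    if { $count == 1 } {
        # Fixed window: the counter expires window_sec after the first
        # request, however often it is incremented afterwards.
        table lifetime -subtable reqrate $client $static::window_sec
    }

    if { $count > $static::max_requests } {
        # table add does not overwrite an existing entry, so the penalty
        # runs from the first violation and is not extended by later ones.
        table add -subtable flagged $client 1 indef $static::penalty_sec
        log local0. "rate limit: $client made $count requests within $static::window_sec seconds, diverting to honeypot_pool"
        pool honeypot_pool
    }
}
```

Counting by source address treats every user behind one NAT or proxy as a single client, so the threshold has to be sized for the busiest legitimate shared address. The pool named in the rule must already exist on the BIG-IP before the iRule will save.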
  • I have decided to do what I have seen before on the Wiki and forums and use a quick and dirty web page in response. Is there any way to do an HTTP::respond 404 content { HTML here}?
  • @watkins,

    I like your idea. It would be interesting to build and test out.

    @mraful,

    Yes, you can create a valid iRule to do that, but I got mixed results when I tried it.

    IE 8 ignored the content and displayed a default 404.

    Chrome just declared the site broken.

    Firefox displayed it as intended.

    You can test it yourself if you like:

    
    when HTTP_RESPONSE {
        HTTP::respond 404 content "Site unavailable

    Oops!  This site is unavailable.
    NOTICE: The site you were trying to reach is unavailable.
    "
    }
    