For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kaguras_48797's avatar
kaguras_48797
Icon for Nimbostratus rankNimbostratus
Apr 18, 2011

iRule and Operators Help

Hi all,

 

 

I'a new user and I would like to know is it possible to write an iRule that contorls IP address and cookie which will reject or send a reset package if IP address is not an IP Address that I expecting traffic from and contains some "CookieName" ?

 

 

Thanx in advanced

 

Burcin
application delivery
dev
devops
iRules

5 Replies

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Apr 18, 2011
    Yes. That is possible with iRules.

     

     

    Here is the Wiki Entry to check on a Cookie:

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__cookie.html

     

     

    Here is the Wiki Entry for "class match" (I would suggest using a Data Group unless you know that your only going to want to block a single IP or subnet. Data Groups give you additional flexibility, but if it doesn't fit there are alternatives).

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/class.html

     

     

    If you need additional help in starting your iRule let us know.
  • kaguras_48797's avatar
    kaguras_48797
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2011
    Hi,

     

     

    Thank you very much for your response, I wrote something but it is not working actually, what can be the problem ?

     

     

    I'm trying to search some string in GET request and Check one IP, if they dont match, it will not allow the traffic, reject/reset the packet.

     

     

     

    when HTTP_REQUEST {

     

     

    if { [string tolower [HTTP::header "HeaderName"]] contains "Some_String_in_Header" } and ![IP::addr [IP::client_add] equals A.B.C.D]

     

     

    }

     

    {discard }

     

     

    Thank you

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 19, 2011
    Add an "r" to IP::client_add so it's:

     

     

    when HTTP_REQUEST {

     

     

    if { [string tolower [HTTP::header "HeaderName"]] contains "some_string_in_header" and ![IP::addr [IP::client_addr] equals A.B.C.D]}{

     

    discard

     

    }

     

    }

     

     

     

    Also make sure that the string in your iRule is in lower case as you're setting the HTTP header to lower case.

     

     

    Aaron
  • kaguras_48797's avatar
    kaguras_48797
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2011
    Hello,

     

     

    Thank you for information, I ll try tomorrow and see if it works or not, by the way, is there any way to search string as In-sensitive way ?

     

     

    Regards

     

    Burcin

     

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2011
    It really depends on what command you are using. There are several commands that have a -nocase option, but in some cases it can only be used in certain circumstances. Here are a couple of examples you can look at:

     

     

    Class Command -

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/class.html

     

     

    String Command -

     

    http://www.tcl.tk/man/tcl8.4/TclCmd/string.htm

     

     

    For the most part you will probably end up using the "string tolower" so that you can set what you are going to process to a known state like hoolio showed.

     

     

    Hope this helps.