Forum Discussion

NickAD's avatar
NickAD
Icon for Cirrus rankCirrus
Apr 13, 2017

iRule for blocking specific string in header & displaying blocking page

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header.

For example, it would be something like...

when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "test1234" } {
drop
return }
}

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.

A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

  • If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

    headercontent:"test1234";nocase;
    

    There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

    If on the other hand you are not using ASM then what kind of support ID were you after?

  • If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

    headercontent:"test1234";nocase;
    

    There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

    If on the other hand you are not using ASM then what kind of support ID were you after?

    • NickAD's avatar
      NickAD
      Icon for Cirrus rankCirrus

      A bit late but I was new to ASM at the time and didn't fully understand the requirements. Looking back at this thread, I confused myself and wondered why I was asking this. But seeing the date, I remember what it was for and I remember using this at the time.

  • Hi Guy,

     

    Use this code:

     

    when HTTP_REQUEST {
     Loop through each header by name
        foreach headerName [HTTP::header names] {
        if { [HTTP::header $headerName] contains "test1234" } {
            log local0. "$headerName header contains test1234"
            drop
            return 
        }
        }
    }