iRule syntax - need help with conditional statement

Not sure I'm following your requirement. The Keep-Alive and Accept headers wouldn't normally contain "true" or "false" string values. What are you trying to match with the matches_regex command?

Hi Kevin, I have a rule that I need to translate into an iRule. Part of the rule had the following:

That's why I thought in the iRule I would need to place the http header accept to false and http header keep-alive to true. I probably didn't interpret it correctly. Sorry!

I have to assume there's more to that statement? Would you interpret to say, if the Accept header doesn't exist, the Keep-Alive header does exist, and the Keep-Alive header value is a number? What is supposed to do these criteria match?

Hi Kevin, there is one more piece of info I forgot to include. It is:

This came after the regex statement.

sorry again!

Actually, here's what we're trying to do Kevin. We are trying to find the best approach to mitigate a HULK HTTP Denial of Service attack. It seems like this type of DoS attack has some unique characteristics that may or may not be covered by the DoS profile properties in the ASM. From what I have gathered, this particular type of attack generates unique requests by changing the user agent, the referrer, and the keep alive time. Perhaps you already know more about this. We were using a WAF from another provider that constructed the rule as follows:

And what we are trying to figure out is if this will require a custom irule, if there is a signature that will address this, or can this be addressed with the DoS profile parameters within a DoS profile.

Reference: https://devcentral.f5.com/questions/irule-help-needed-need-to-meet-three-conditions