For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NickAD's avatar
NickAD
Icon for Cirrus rankCirrus
Apr 13, 2017

iRule to block string in header and display blocking page

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header.

For example, it would be something like...

when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "test1234" } {
drop
return }
}

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.

A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

ASM Advanced WAF
asm irules
f5irule
irule
security

2 Replies

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Apr 13, 2017

    I have never tried this but you may be able to get something along this line working:

    when HTTP_REQUEST {
  foreach header_var [HTTP::header names] {
    if { [HTTP::header header_var] contains "test1234" } {
      drop
      return }
}
}
  • Snl's avatar
    Snl
    Icon for Cirrostratus rankCirrostratus
    Apr 14, 2017

    Try below 

     when HTTP_REQUEST {
   log local0. "[IP::client_addr]:[TCP::client_port]: User-Agent: [string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]"
      if { [string tolower [HTTP::header "User-Agent"]] contains "test1234"} {
  log local0. "[IP::client_addr]:[TCP::client_port]: Rejected request"
  reject   }}