iRule to block string in header and display blocking page

Question

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header. 
For example, it would be something like...
when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "test1234" } {
drop
return }
}

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.
A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

vijay_e · Answer

I have never tried this but you may be able to get something along this line working:
when HTTP_REQUEST {
  foreach header_var [HTTP::header names] {
    if { [HTTP::header header_var] contains "test1234" } {
      drop
      return }
}
}

snl · Answer

Try below 
 when HTTP_REQUEST {
   log local0. "[IP::client_addr]:[TCP::client_port]: User-Agent: [string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]"
      if { [string tolower [HTTP::header "User-Agent"]] contains "test1234"} {
  log local0. "[IP::client_addr]:[TCP::client_port]: Rejected request"
  reject   }}

Forum Discussion

iRule to block string in header and display blocking page

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

iRule for blocking specific string in header & displaying blocking page

Block IP after a number of ASM Blocks

Block traffic

string first replacement procedure for ID999881

Displaying VS config using SDK

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS