For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Apr 01, 2015

iRule to disable APM not working as expected

when HTTP_REQUEST { set header [HTTP::header "User-Agent"] log local0. "Before Match --- Header is: $header" if {[string tolower [HTTP::header "User-Agent"]] contains "mac os x" && [str...
BIG-IP Access Policy Manager (APM)
security
kunjan's avatar
kunjan
Icon for Nimbostratus rankNimbostratus
Apr 08, 2015

Tested the following iRule with curl

curl -k -L https://10.2.60.70

when HTTP_REQUEST {
  set u [HTTP::header "User-Agent"]
  set uru [HTTP::uri]
  log local0.notice "user agent: $u and uri: $uru"
  if {[string tolower [HTTP::header "User-Agent"]] contains "curl" } {
    ACCESS::disable 
  }   
}
when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when ACCESS_SESSION_STARTED {
   log local0.notice "Access session started"   
}

Apr 8 22:03:50 bigip6 notice tmm1[15943]: Rule /Common/accessDisable : user agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5 and uri: /

The logs doesn't have the Access session started message. Is there anything else done in your iRule?