Forum Discussion

Mohanad's avatar
Mohanad
Icon for Cirrostratus rankCirrostratus
Dec 30, 2021

irule to match string in /var/log/ltm

Hello

i need irule irule to match string in /var/log/ltm so i can take action

 

i need to match on diA

 when BOTDEFENSE_ACTION {
     if {[$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}]} {
         set res [BOTDEFENSE::action tcp_rst]
		   BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
     }
 }

error:

01220001:3: TCL error: /Common/DevID_Logging <BOTDEFENSE_ACTION> - can't read "diA": no such variable   while executing "$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}"

ASM Advanced WAF
iRules
security
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 30, 2021

    where are you setting diA variable? even when that gets set, $diA will be evaluated as a command and fail as well with the brackets, so you'll want to rewrite that to something like:

    if { $dia eq "..."} {
  set res ...
}

    I'm assuming your testing here, and likely you'll use tables to store the fingerprints? That'll be a lot of manual configuration of them otherwise.

    • Mohanad's avatar
      Mohanad
      Icon for Cirrostratus rankCirrostratus
      Dec 31, 2021

      I'm testing Device ID+ with ASM (PoC), i imported the iApp, and used the following irule, what i want to do something with it... im connecting to a website from another PC and i logged my device id and i want to blocked my pc.

      when HTTP_REQUEST {
    if [HTTP::cookie exists _imp_apg_r_] {
        set deviceid [URI::decode [HTTP::cookie _imp_apg_r_]]
        log local0. "URL Decoded cookie is $deviceid"
        set deviceida [lindex [regexp -inline -- (?:"diA":")(.*?)(?:") $deviceid] 1]
        log local0. "diA = $deviceida"
        set deviceidb [lindex [regexp -inline -- (?:"diB":")(.*?)(?:") $deviceid] 1]
        log local0. "diB = $deviceidb"
        log local0. "IP is [IP::client_addr]"
        log local0. "Path os [HTTP::path]"
    } else {
    log local0. "No cookie"
    }
}
      • CA_Valli's avatar
        CA_Valli
        Icon for MVP rankMVP
        Jan 04, 2022

        Hello Mohanad,

        based on logging instruction on line 6, the variable that will contain diA is $deviceida

         

        $diA does not exist in your code, there is no such line that sets diA variable/value pair

         

        Moreover, as Jason already mentioned, your if statement will fail since you are using square brackets incorrectly -- to keep it simple their purpose in iRule would be for retrieving packet data such as [HTTP::header] , or for operations such as line 5 of your code where you calculate diA (read TCL references for a complete overview)

         

        You will need to adjust BOTDEFENSE_ACTION if statement as follows:

         when BOTDEFENSE_ACTION {
     if { $deviceida equals "AYrQyWEAAAAACxF5RBPJyPdDICteKxbw" } {
         set res [BOTDEFENSE::action tcp_rst]
	 BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
     }
 }