Log matched/detected pattern in switch statement.

Question

I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns.

switch -glob $useragent {

"*havij*" -

"*zmeu*" -

"*sqlmap*" {

log local0. "Blocking this request due to detected user agent : "

reject

}

How do I print the detected pattern here? If I try to print the $useragent, I will be logging the entire useragent value instead of only the detected pattern. Any help would be greatly appreciated.

dario_garrido · Answer

Hello Akshay.It's no possible to do it that way. You should differentiate each pattern.switch -glob $useragent {
	"*havij*" {
		log local0. "Blocking this request due to detected user agent : *havij*"
		reject
	}
	"*zmeu*" {
		log local0. "Blocking this request due to detected user agent : *zmeu*"
		reject
	}
	"*sqlmap*" {
		log local0. "Blocking this request due to detected user agent : *sqlmap*"
		reject
	}
}Regards,Dario.

Forum Discussion

Log matched/detected pattern in switch statement.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Community at F5 - Evolving Patterns and New Structures

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

The Three HTTP Routing Patterns You Should Know

APM AdAuth HTTP Header Insert iRule Switch Statement

Comparing iRule Control Statements

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS