Log matched/detected pattern in switch statement.

Question

I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns.

switch -glob $useragent {

"*havij*" -

"*zmeu*" -

"*sqlmap*" {

log local0. "Blocking this request due to detected user agent : "

reject

}

How do I print the detected pattern here? If I try to print the $useragent, I will be logging the entire useragent value instead of only the detected pattern. Any help would be greatly appreciated.

dario_garrido · Answer

Hello Akshay.It's no possible to do it that way. You should differentiate each pattern.switch -glob $useragent {
	"*havij*" {
		log local0. "Blocking this request due to detected user agent : *havij*"
		reject
	}
	"*zmeu*" {
		log local0. "Blocking this request due to detected user agent : *zmeu*"
		reject
	}
	"*sqlmap*" {
		log local0. "Blocking this request due to detected user agent : *sqlmap*"
		reject
	}
}Regards,Dario.

Forum Discussion

Log matched/detected pattern in switch statement.

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

F5 Command

R4800 snmp issues.

F5 XC JWKS auto update

PCI Compliance and ASM

irule for redirect and header injection

Related Content

Community at F5 - Evolving Patterns and New Structures

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

The Three HTTP Routing Patterns You Should Know

Comparing iRule Control Statements

APM AdAuth HTTP Header Insert iRule Switch Statement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS