Forum Discussion

Nimbostratus

May 16, 2021

Log matched/detected pattern in switch statement.

I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns. swi...

MVP

May 16, 2021

Hello Akshay.

It's no possible to do it that way. You should differentiate each pattern.

switch -glob $useragent {
	"*havij*" {
		log local0. "Blocking this request due to detected user agent : *havij*"
		reject
	}
	"*zmeu*" {
		log local0. "Blocking this request due to detected user agent : *zmeu*"
		reject
	}
	"*sqlmap*" {
		log local0. "Blocking this request due to detected user agent : *sqlmap*"
		reject
	}
}

Regards,

Dario.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Log matched/detected pattern in switch statement.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Community at F5 - Evolving Patterns and New Structures

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

The Three HTTP Routing Patterns You Should Know

APM AdAuth HTTP Header Insert iRule Switch Statement

Comparing iRule Control Statements

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS