For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Akshay_SK's avatar
Akshay_SK
Icon for Nimbostratus rankNimbostratus
May 16, 2021

Log matched/detected pattern in switch statement.

I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns.   swi...
BIG-IP
iRules
security
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
May 16, 2021

Hello Akshay.

It's no possible to do it that way. You should differentiate each pattern.

switch -glob $useragent {
	"*havij*" {
		log local0. "Blocking this request due to detected user agent : *havij*"
		reject
	}
	"*zmeu*" {
		log local0. "Blocking this request due to detected user agent : *zmeu*"
		reject
	}
	"*sqlmap*" {
		log local0. "Blocking this request due to detected user agent : *sqlmap*"
		reject
	}
}

Regards,

Dario.