Forum Discussion

Nimbostratus

May 16, 2021

Log matched/detected pattern in switch statement.

I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns. swi...

Noctilucent

May 16, 2021

Hello Akshay.

It's no possible to do it that way. You should differentiate each pattern.

switch -glob $useragent {
	"*havij*" {
		log local0. "Blocking this request due to detected user agent : *havij*"
		reject
	}
	"*zmeu*" {
		log local0. "Blocking this request due to detected user agent : *zmeu*"
		reject
	}
	"*sqlmap*" {
		log local0. "Blocking this request due to detected user agent : *sqlmap*"
		reject
	}
}

Regards,

Dario.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Log matched/detected pattern in switch statement.

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Questions on R-Series 5800s

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

Cloud Apps Protection

ASM/AWAF declarative policy

Related Content

Community at F5 - Evolving Patterns and New Structures

The Three HTTP Routing Patterns You Should Know

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

Comparing iRule Control Statements

Ingress/Egress and inter VPC inspection with BIG-IP and GWLB deployment pattern

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS