Forum Discussion
Shay_Ben-David1
Nimbostratus
Nimbostratusphishing irule prevent access from anywhere to my web
Hi, i am trying to use the phishing irule that F5 published, but when using it my web site stops working, i don;t have any clue why is it happen, maybee someone can help on this,
of course the refere and file types are in the data group columns
web:
http://www.mizrahi-tefahot.co.il
irule:
when HTTP_REQUEST {
if {[HTTP::version] == "1.1"} {
if {[HTTP::header is_keepalive]} {
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
if { [matchclass [HTTP::header "Referer"] starts_with $::valid_referers] < 1 } {
log "
if { ([string tolower [HTTP::method] ] eq "get") && ([matchclass [HTTP::uri] contains $::file_types] > 0 )} {
discard
} elseif { ([HTTP::header exists "Content-Type"]) && ([HTTP::header "Content-Type"] starts_with "text" ) } {
set respond 1
}
}
}
when HTTP_RESPONSE {
if { $respond == 1 } {
if { [HTTP::header exists "Content-Length"] } {
set content_len [HTTP::header "Content-Length"]
} else {
set content_len 4294967295
}
if { $content_len > 0 } {
HTTP::collect $content_len
}
}
}
when HTTP_RESPONSE_DATA {
set bypass [string first -nocase "" [HTTP::payload] ]
if { $bypass != -1 } {
HTTP::payload replace $bypass 0 "type=\"text/javascript\">\n if (top.frames.length!=0) {\n if
(window.location.href.replace)\n top.location.replace(self.location.href);\n
else\n top.location.href=self.document.href;\n }\n \n"
} else {
HTTP::respond 500
}
}
Zeeshan_Ahmad_1This happens if you did not defined the refferer properly in your data group. please check that refferer is defined properly. Refferer needs to be the one which you defined in the datagroup