Shay_Ben-David1
Nimbostratus
Nimbostratusphishing irule prevent access from anywhere to my web
Hi, i am trying to use the phishing irule that F5 published, but when using it my web site stops working, i don;t have any clue why is it happen, maybee someone can help on this,
of course the refere and file types are in the data group columns
web:
http://www.mizrahi-tefahot.co.il
irule:
when HTTP_REQUEST {
if {[HTTP::version] == "1.1"} {
if {[HTTP::header is_keepalive]} {
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
if { [matchclass [HTTP::header "Referer"] starts_with $::valid_referers] < 1 } {
log "
if { ([string tolower [HTTP::method] ] eq "get") && ([matchclass [HTTP::uri] contains $::file_types] > 0 )} {
discard
} elseif { ([HTTP::header exists "Content-Type"]) && ([HTTP::header "Content-Type"] starts_with "text" ) } {
set respond 1
}
}
}
when HTTP_RESPONSE {
if { $respond == 1 } {
if { [HTTP::header exists "Content-Length"] } {
set content_len [HTTP::header "Content-Length"]
} else {
set content_len 4294967295
}
if { $content_len > 0 } {
HTTP::collect $content_len
}
}
}
when HTTP_RESPONSE_DATA {
set bypass [string first -nocase "" [HTTP::payload] ]
if { $bypass != -1 } {
HTTP::payload replace $bypass 0 "type=\"text/javascript\">\n if (top.frames.length!=0) {\n if
(window.location.href.replace)\n top.location.replace(self.location.href);\n
else\n top.location.href=self.document.href;\n }\n \n"
} else {
HTTP::respond 500
}
}