Forum Discussion
Shay_Ben-David1
Nimbostratus
Nimbostratusphishing irule
does anyone knows why i get error on line 1 & 12 on this irule?
it says missing brackets, but seems to be ok ?
class valid_referers {
"http://mydomain.com"
}
class file_types {
".gif"
".jpg"
".png"
}
rule no_phishing {
when HTTP_REQUEST {
Don't allow data to be chunked.
if {[HTTP::version] == "1.1"} {
if {[HTTP::header is_keepalive]} {
Adjust the Connection header.
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
if { [matchclass [HTTP::header "Referer"] starts_with $::valid_referers] < 1 } {
if { ([string tolower [HTTP::method] ] eq "get") && ([matchclass [HTTP::uri] contains $::file_types] > 0 )} {
discard
} elseif { ([HTTP::header exists "Content-Type"]) && ([HTTP::header "Content-Type"] starts_with "text" ) } {
set respond 1
}
}
}
when HTTP_RESPONSE {
if { $respond == 1 } {
if { [HTTP::header exists "Content-Length"] } {
set content_len [HTTP::header "Content-Length"]
} else {
set content_len 4294967295
}
if { $content_len > 0 } {
HTTP::collect $content_len
}
}
}
when HTTP_RESPONSE_DATA {
set bypass [string first -nocase "" [HTTP::payload] ]
if { $bypass != -1 } {
HTTP::payload replace $bypass 0 "type=\"text/javascript\">\n if (top.frames.length!=0) {\n if
(window.location.href.replace)\n top.location.replace(self.location.href);\n
else\n top.location.href=self.document.href;\n }\n \n"
} else {
HTTP::respond 500
}
}
}
- The "class" portions need to be defined outside the rule itself as Data Group Lists with the names indicated in the "class" statement.
The rest of the text is the actual iRule. To enter the iRule in the GUI, you will cut & paste all but the first & last lines into the "Definition" dialog box. The GUI will add the "rule name {" line as well as the trailing "}". (In other words, the first line of the iRule will be "when HTTP_REQUEST", and the iRule will end with 2 "}" rather than 3.)class valid_referers { "http://mydomain.com" } class file_types { ".gif" ".jpg" ".png" }
HTH
/deb 
Shay_Ben-David1thanks
