Question on syntax of iRule

Hello Aaron, many thanks for your suggestion. This worked better, although the HTTP::cookie names doesn't seem to be matching on contains '.fb'. In the following example, I'm wondering if there's a way to check for '.fb' inside any cookie? when HTTP_REQUEST { if { [HTTP::header value "User-Agent"] contains "Mozilla" || [HTTP::header value "User-Agent"] contains "Opera" && { not [HTTP::cookie names] contains ".fb" } && [string tolower [HTTP::uri]] matches_regex {restservicesintstest} } then { reject log local0. "Client browser trying to connect to REST Host:[HTTP::host]; URI=[HTTP::uri]" log local0. "No SSO Cookie Detected, Client IP:[IP::client_addr] has been blocked" } } Feb 23 09:21:52 lb01 info tmm1[15541]: Rule /Common/SecAuthREST-IntS-Test : Client browser trying to connect to REST Host:fb1restservicesintstest.fb; URI=/communication/notifications/isAlive Feb 23 09:21:52 lb01 info tmm1[15541]: Rule /Common/SecAuthREST-IntS-Test : No SSO Cookie Detected, Client IP:10.0.22.218 has been blocked

I'm not seeing a way to check the contents of all cookies for '.fb'. I suspect that the reason { not [HTTP::cookie names] contains ".fb" } isn't working is that Windows desktop obscures the cookie names. If you view cookie files in Internet Explorer options, it shows all the cookie names ending in .fb. When I look locally on the filesystem, under Windows temp, I'm seeing all of those renamed cryptically, with .txt on the end. Due to that, I need to check the contents of cookies themselves for .fb