Patti_G_72768
Oct 08, 2013Nimbostratus
regex to iRule conversion - 2
Hi again, I have another rule I would like to get some feedback on please. Here is an abbreviation of the rule:
404
Request Indicates a Security Scanner Scanned the Site
AUTOMATION/SECURITY_SCANNER
%(_DENY)
Here is what I wrote as the iRule that would try to do the same thing:
when HTTP_REQUEST {
if { ([class match [string tolower [HTTP::header User-Agent]] contains _my_rule_dg])} {
log local0. "Security Scanner scanned the site."
HTTP::respond 404 content "If you have reached this page in error, please try again."
event disable
}
}
I created the data group _my_rule_dg and entered the security scanners we want to search for. Will the iRule above satisfy what the regex rule is doing? If not, where am I going wrong? Thanks!