Reject based on string in HTTP header

Question

All,&nbsp;
 &nbsp;
I want the F5 to reject (or drop) packets that have specific string/text in the HTTP header. I found this:&nbsp;
 &nbsp;
when HTTP_REQUEST {&nbsp;
if { [HTTP::header exists Morfeus Scanner] } {&nbsp;
reject&nbsp;
}&nbsp;
}&nbsp;
&nbsp;
When I try to add the above iRule I get an error that there are too many arguments in line 2. I removed the second word (Scanner) and it accepted the iRule. BUT, I would prefer to have both words included. Is there a way to do that? Do I use quotes?&nbsp;
 &nbsp;
Thanks&nbsp;
 &nbsp;

kevin_stewart · Answer

Try this:

when HTTP_REQUEST {
foreach header {Morfeus Scanner} {
if { [HTTP::header exists $header] } {
log local0. "Caught $header header"
reject
}
}
}

The [HTTP::header exists ] command just works on the name of the header, so if you want to capture a header with "Morfeus" or "Scanner" in the value you'll need to modify the iRule.

j_saunders_4728 · Answer

Thanks. Will give it a try and update this thread.

arie · Answer

If it's likely that you will want to block on additional values in the future you may want to consider using a class (Data Group). Just keep in mind that the class and/or values won't be available when you save the class.

Forum Discussion

Reject based on string in HTTP header

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Intermediate iRules: Handling Strings

Strict header Insertion

Log Http Headers

(HTTP) Redirection via Arbitrary Host Header

F5 XC Distributed Cloud HTTP Header/Cookie manipulations and using the client ip/user headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS