Forum Discussion

terri8502's avatar
terri8502
Icon for Nimbostratus rankNimbostratus
Mar 08, 2022

Requesting Assist with iRule Please

Hi All, I have F5LTM version 16.1.2.  I need to make an irule to stop NetSparker from scanning our web servers. I can identify them with the x_scanner variable in the header.  I followed K31914583 w...
  • Mark_van_D's avatar
    Mar 09, 2022

    Hi there,

    The K31914583 article assumes that you have created a data group.  In your example above that data group would be called Netsparker.  Also is the header name x-scanner or x_scanner?

    Seeing as you are only after one value I would not use the data group.

    You can use an irule to do this for you such as below,

    when HTTP_REQUEST {
        if { string tolower [HTTP::header "X-Scanner"]] contains "netsparker"] } {
    drop
    }
    }

    or you may want to look at using a traffic policy to do this for you, something like this.  You can also include additional actions such as logging to the policy.

    Don't forget to apply the irule and/or policy to your VS, make sure you test this before applying to production traffic.

    Good luck

    Mark