Forum Discussion
Per_Hagstrom
Feb 28, 2019Nimbostratus
And for anyone who might be interested in the iRule I created, here it is:
when HTTP_REQUEST {
if {[string tolower [HTTP::path]] equals "/secretpage"} {
set ckname "SecretCookie"
set ckvalue "1"
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue ".domain.org"]
HTTP::respond 302 Location "https://[HTTP::host]/wp-login.php" "Set-Cookie" $cookie
}
if {[string tolower [HTTP::path]] contains "/wp-login.php" and (![HTTP::cookie exists "SecretCookie"])} {
HTTP::redirect "https://[HTTP::host]/restricted-access-page"
}
}
Tested it out, and it seems to work perfectly! And since the "/secretpage" doesn't exist on the web server, good luck to the pesky hackers trying to brute force the login page now! 🙂
/ Per