Forum Discussion
sidiov
Aug 23, 2011Nimbostratus
Trouble with a irule using a data group
I am attempting to drop several user agent headers that hit a website consistantly with bad traffic, I wanted to use a data group for a list of agents, but when i use it, it drops all connections.
Here is the data group irule:
when HTTP_REQUEST { if {[matchclass [string tolower [HTTP::header "User-Agent"]] contains $::danger-user-agents] } { drop } }
danger-user-agents group contains 2 strings:
zmeu
black hole
If I manually specify the names it works:
when HTTP_REQUEST { if { [string tolower [HTTP::header "User-Agent"]] contains "zmeu" } {drop} elseif { [string tolower [HTTP::header User-Agent]] contains "black hole" } {drop} }
What am I doing wrong in the data group version?
I do have a similar data group working for another site's irule that drops based on uri strings, and that works fine:
- hoolioCirrostratusIf you're on 9.4.4 or higher, you should remove the $:: prefix from the datagroup name. If you're on 10.0+ you should use class match instead of matchclass:
when HTTP_REQUEST { if {[class match [string tolower [HTTP::header "User-Agent"]] contains danger-user-agents] } { drop } }
- hoolioCirrostratusActually, the issue is with the hyphens in the datagroup name. Can you change them to underscores or wrap the datagroup name inthe iRule in curly braces:
when HTTP_REQUEST { if {[class match [string tolower [HTTP::header "User-Agent"]] contains {danger-user-agents}] } { drop } }
when HTTP_REQUEST { if {[class match [string tolower [HTTP::header "User-Agent"]] contains danger_user_agents}] } { drop } }
- sidiovNimbostratusThanks!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects