For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dianna_129659's avatar
Dianna_129659
Icon for Nimbostratus rankNimbostratus
Mar 05, 2014

Whitelist a user agent

We use Pingdom to alert us when our site is down. We also block most IP Addresses that are not within the United States (we do business only within the US). Is there a way that I can whitelist the Pi...
ASM Advanced WAF
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Mar 06, 2014

No worries. Your previous iRule was still doing this:

[class match [string tolower [HTTP::header User-Agent]] contains "pingdom"]

which is a data group lookup that attempts to match the User-Agent header value to a value in the "pingdom" data group. In this case, and the part I didn't catch yesterday, is that "pingdom" is the name of the data group. For the above to work, the values inside the data group must all be lower cased. But aside from that, you expressed that you just wanted to evaluate the User-Agent locally, assuming that there was just one User-Agent presented by the Pingdom clients. So we changed the above to this:

[string tolower [HTTP::header User-Agent]] contains "pingdom"

which is basically lower casing the incoming User-Agent header and comparing it to the string "pingdom". If the User-Agent contains the work "pingdom", then it should evaluate to TRUE. So...

If the UA header contains "pingdom" or the country is "US" or the country is "CA" - let them in. Otherwise drop the request.

Also, and not trying to complicate this further, since you're doing this in the HTTP_REQUEST event, you have an opportunity to get really creative with your deny. For example, instead of just dropping the request, you could send back some formatted HTML:

drop
HTTP::respond 200 content "...html document..."