Blocking_the_ Nimda_ Worm
Problem this snippet solves:
This simple iRule should block the Nimda worm, if you should ever have need to do so.
Code :
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
if { ($uri contains "cmd.exe") or ($uri contains
"root.exe") or ($uri contains "admin.dll") } {
drop
} else {
pool serverpool
}
}
## Or using a switch statement which sends a TCP reset for offending requests and sends the rest to the VIP's default pool:
when HTTP_REQUEST {
switch [string tolower [HTTP::uri]] {
"cmd.exe" -
"root.exe" -
"admin.dll" {
reject
}
}
}Published Mar 16, 2015
Version 1.0
Cspillane_18296
Nimbostratus
NimbostratusCspillane_18296Nimbostratus
NimbostratusNo CommentsBe the first to comment