on 16-Mar-2015 15:43
Problem this snippet solves:
This simple iRule should block the Nimda worm, if you should ever have need to do so.
Code :
when HTTP_REQUEST { set uri [string tolower [HTTP::uri]] if { ($uri contains "cmd.exe") or ($uri contains "root.exe") or ($uri contains "admin.dll") } { drop } else { pool serverpool } } ## Or using a switch statement which sends a TCP reset for offending requests and sends the rest to the VIP's default pool: when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "cmd.exe" - "root.exe" - "admin.dll" { reject } } }