Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Blocking_the_ Nimda_ Worm

Cspillane_18296
Nimbostratus
Nimbostratus

on ‎16-Mar-2015 15:43

Problem this snippet solves:

This simple iRule should block the Nimda worm, if you should ever have need to do so.

Code :

when HTTP_REQUEST {
 set uri [string tolower [HTTP::uri]]
 if { ($uri contains "cmd.exe") or ($uri contains 
"root.exe") or ($uri contains "admin.dll") } {
  drop
 } else {
  pool serverpool
 }
}

## Or using a switch statement which sends a TCP reset for offending requests and sends the rest to the VIP's default pool:

when HTTP_REQUEST {
   switch [string tolower [HTTP::uri]] {
      "cmd.exe" -
      "root.exe" -
      "admin.dll" {
         reject
      }
   }
}
0 Kudos
Version history
Last update:
‎16-Mar-2015 15:43
Updated by:
Nimbostratus
Contributors
Copyright © 2023 Khoros, LLC