CodeShare
Have some code. Share some code.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Cspillane_18296
Nimbostratus
Nimbostratus

Problem this snippet solves:

This simple iRule should block the Nimda worm, if you should ever have need to do so.

Code :

when HTTP_REQUEST {
 set uri [string tolower [HTTP::uri]]
 if { ($uri contains "cmd.exe") or ($uri contains 
"root.exe") or ($uri contains "admin.dll") } {
  drop
 } else {
  pool serverpool
 }
}

## Or using a switch statement which sends a TCP reset for offending requests and sends the rest to the VIP's default pool:

when HTTP_REQUEST {
   switch [string tolower [HTTP::uri]] {
      "cmd.exe" -
      "root.exe" -
      "admin.dll" {
         reject
      }
   }
}
Version history
Last update:
‎16-Mar-2015 15:43
Updated by:
Contributors