cancel
Showing results for 
Search instead for 
Did you mean: 

iRule for blocking specific string in header & displaying blocking page

NickAD
Cirrus
Cirrus

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header.

 

For example, it would be something like...

 

when HTTP_REQUEST { if { [HTTP::header "User-Agent"] contains "test1234" } { drop return } }

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.

 

A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

 

1 ACCEPTED SOLUTION

Kevin_Davies_40
Nacreous
Nacreous

If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

 

headercontent:"test1234";nocase;

There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

 

If on the other hand you are not using ASM then what kind of support ID were you after?

 

View solution in original post

3 REPLIES 3

Faruk_AYDIN
Nimbostratus
Nimbostratus

Hi Guy,

 

Use this code:

 

when HTTP_REQUEST {
 Loop through each header by name
    foreach headerName [HTTP::header names] {
    if { [HTTP::header $headerName] contains "test1234" } {
        log local0. "$headerName header contains test1234"
        drop
        return 
    }
    }
}

Kevin_Davies_40
Nacreous
Nacreous

If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

 

headercontent:"test1234";nocase;

There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

 

If on the other hand you are not using ASM then what kind of support ID were you after?

 

A bit late but I was new to ASM at the time and didn't fully understand the requirements. Looking back at this thread, I confused myself and wondered why I was asking this. But seeing the date, I remember what it was for and I remember using this at the time.