Forum Discussion

NickAD's avatar
NickAD
Icon for Cirrus rankCirrus
Apr 13, 2017
Solved

iRule for blocking specific string in header & displaying blocking page

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header.

For example, it would be something like...

when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "test1234" } {
drop
return }
}

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.

A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

ASM Advanced WAF
asm irules
blocking page
f5irule
irule
security
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Apr 14, 2017

    If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

    headercontent:"test1234";nocase;

    There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

    If on the other hand you are not using ASM then what kind of support ID were you after?

3 Replies

Sort By
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Apr 14, 2017

    If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

    headercontent:"test1234";nocase;

    There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

    If on the other hand you are not using ASM then what kind of support ID were you after?

    • NickAD's avatar
      NickAD
      Icon for Cirrus rankCirrus
      Sep 21, 2020

      A bit late but I was new to ASM at the time and didn't fully understand the requirements. Looking back at this thread, I confused myself and wondered why I was asking this. But seeing the date, I remember what it was for and I remember using this at the time.

  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Nimbostratus rankNimbostratus
    Apr 14, 2017

    Hi Guy,

     

    Use this code:

     

    when HTTP_REQUEST {
 Loop through each header by name
    foreach headerName [HTTP::header names] {
    if { [HTTP::header $headerName] contains "test1234" } {
        log local0. "$headerName header contains test1234"
        drop
        return 
    }
    }
}