Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

iRule for blocking specific string in header & displaying blocking page

Go to solution
NickAD
Cirrus
Cirrus

‎13-Apr-2017 10:25 - last edited on ‎03-Jun-2023 11:33 by Fog

I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header.

For example, it would be something like...

when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "test1234" } {
drop
return }
}

Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header.

A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Kevin_Davies_40
Nacreous
Nacreous

‎14-Apr-2017 04:17 - last edited on ‎03-Jun-2023 11:33 by Fog

If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

headercontent:"test1234";nocase;

There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

If on the other hand you are not using ASM then what kind of support ID were you after?

View solution in original post

3 REPLIES 3

Go to solution
Faruk_AYDIN
Nimbostratus
Nimbostratus

‎14-Apr-2017 01:59 - last edited on ‎22-Nov-2022 15:37 by Fog

Hi Guy,

 

Use this code:

 

when HTTP_REQUEST {
 Loop through each header by name
    foreach headerName [HTTP::header names] {
    if { [HTTP::header $headerName] contains "test1234" } {
        log local0. "$headerName header contains test1234"
        drop
        return 
    }
    }
}
0 Kudos

Go to solution
Kevin_Davies_40
Nacreous
Nacreous

‎14-Apr-2017 04:17 - last edited on ‎03-Jun-2023 11:33 by Fog

If you are referring to support ID then I assume you are using ASM. In that case then you need to create a custom signature. The instructions on how to do this can be found in the manual here and the content for your signature should be...

headercontent:"test1234";nocase;

There is no iRule needed for a blocking page to show a support ID. That is what will be shown by default when this signature is matched.

If on the other hand you are not using ASM then what kind of support ID were you after?

Go to solution
NickAD
Cirrus
Cirrus
In response to Kevin_Davies_40

‎21-Sep-2020 10:28

A bit late but I was new to ASM at the time and didn't fully understand the requirements. Looking back at this thread, I confused myself and wondered why I was asking this. But seeing the date, I remember what it was for and I remember using this at the time.

0 Kudos
Copyright © 2023 Khoros, LLC