30-Dec-2021
04:32
- last edited on
05-Jun-2023
23:01
by
JimmyPackets
Hello
i need irule irule to match string in /var/log/ltm so i can take action
i need to match on diA
when BOTDEFENSE_ACTION {
if {[$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}]} {
set res [BOTDEFENSE::action tcp_rst]
BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
}
}
error:
01220001:3: TCL error: /Common/DevID_Logging <BOTDEFENSE_ACTION> - can't read "diA": no such variable while executing "$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}"
30-Dec-2021
09:59
- last edited on
04-Jun-2023
19:14
by
JimmyPackets
where are you setting diA variable? even when that gets set, $diA will be evaluated as a command and fail as well with the brackets, so you'll want to rewrite that to something like:
if { $dia eq "..."} {
set res ...
}
I'm assuming your testing here, and likely you'll use tables to store the fingerprints? That'll be a lot of manual configuration of them otherwise.
31-Dec-2021
08:41
- last edited on
04-Jun-2023
19:14
by
JimmyPackets
I'm testing Device ID+ with ASM (PoC), i imported the iApp, and used the following irule, what i want to do something with it... im connecting to a website from another PC and i logged my device id and i want to blocked my pc.
when HTTP_REQUEST {
if [HTTP::cookie exists _imp_apg_r_] {
set deviceid [URI::decode [HTTP::cookie _imp_apg_r_]]
log local0. "URL Decoded cookie is $deviceid"
set deviceida [lindex [regexp -inline -- (?:"diA":")(.*?)(?:") $deviceid] 1]
log local0. "diA = $deviceida"
set deviceidb [lindex [regexp -inline -- (?:"diB":")(.*?)(?:") $deviceid] 1]
log local0. "diB = $deviceidb"
log local0. "IP is [IP::client_addr]"
log local0. "Path os [HTTP::path]"
} else {
log local0. "No cookie"
}
}
04-Jan-2022
07:15
- last edited on
21-Nov-2022
11:58
by
dcapiuser
Hello Mohanad,
based on logging instruction on line 6, the variable that will contain diA is $deviceida
$diA does not exist in your code, there is no such line that sets diA variable/value pair
Moreover, as Jason already mentioned, your if statement will fail since you are using square brackets incorrectly -- to keep it simple their purpose in iRule would be for retrieving packet data such as [HTTP::header] , or for operations such as line 5 of your code where you calculate diA (read TCL references for a complete overview)
You will need to adjust BOTDEFENSE_ACTION if statement as follows:
when BOTDEFENSE_ACTION {
if { $deviceida equals "AYrQyWEAAAAACxF5RBPJyPdDICteKxbw" } {
set res [BOTDEFENSE::action tcp_rst]
BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
}
}