cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

irule to match string in /var/log/ltm

Mohanad
Cirrostratus
Cirrostratus

 

Hello

 

i need irule irule to match string in /var/log/ltm so i can take action

 

0691T00000F8ZEYQA3.png 

 

i need to match on diA

 

when BOTDEFENSE_ACTION { if {[$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}]} { set res [BOTDEFENSE::action tcp_rst] BOTDEFENSE::action custom_response "sorry\ni am blocking you\n" } }

error:

01220001:3: TCL error: /Common/DevID_Logging <BOTDEFENSE_ACTION> - can't read "diA": no such variable   while executing "$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}"

 

3 REPLIES 3

JRahm
Community Manager
Community Manager

where are you setting diA variable? even when that gets set, $diA will be evaluated as a command and fail as well with the brackets, so you'll want to rewrite that to something like:

 

if { $dia eq "..."} { set res ... }

I'm assuming your testing here, and likely you'll use tables to store the fingerprints? That'll be a lot of manual configuration of them otherwise.

I'm testing Device ID+ with ASM (PoC), i imported the iApp, and used the following irule, what i want to do something with it... im connecting to a website from another PC and i logged my device id and i want to blocked my pc.

 

when HTTP_REQUEST { if [HTTP::cookie exists _imp_apg_r_] { set deviceid [URI::decode [HTTP::cookie _imp_apg_r_]] log local0. "URL Decoded cookie is $deviceid" set deviceida [lindex [regexp -inline -- (?:"diA":")(.*?)(?:") $deviceid] 1] log local0. "diA = $deviceida" set deviceidb [lindex [regexp -inline -- (?:"diB":")(.*?)(?:") $deviceid] 1] log local0. "diB = $deviceidb" log local0. "IP is [IP::client_addr]" log local0. "Path os [HTTP::path]" } else { log local0. "No cookie" } }

 

Hello Mohanad,

based on logging instruction on line 6, the variable that will contain diA is $deviceida

 

$diA does not exist in your code, there is no such line that sets diA variable/value pair

 

Moreover, as Jason already mentioned, your if statement will fail since you are using square brackets incorrectly -- to keep it simple their purpose in iRule would be for retrieving packet data such as [HTTP::header] , or for operations such as line 5 of your code where you calculate diA (read TCL references for a complete overview)

 

You will need to adjust BOTDEFENSE_ACTION if statement as follows:

when BOTDEFENSE_ACTION { if { $deviceida equals "AYrQyWEAAAAACxF5RBPJyPdDICteKxbw" } { set res [BOTDEFENSE::action tcp_rst] BOTDEFENSE::action custom_response "sorry\ni am blocking you\n" } }