16-May-2021 00:47
I have been trying to write a security iRule for my organization that provides a basic security. Here is my code snippet where I am matching the useragent value with the provided patterns.
switch -glob $useragent {
"*havij*" -
"*zmeu*" -
"*sqlmap*" {
log local0. "Blocking this request due to detected user agent : "
reject
}
}
How do I print the detected pattern here? If I try to print the $useragent, I will be logging the entire useragent value instead of only the detected pattern. Any help would be greatly appreciated.
16-May-2021 12:40
Hello Akshay.
It's no possible to do it that way. You should differentiate each pattern.
switch -glob $useragent {
"*havij*" {
log local0. "Blocking this request due to detected user agent : *havij*"
reject
}
"*zmeu*" {
log local0. "Blocking this request due to detected user agent : *zmeu*"
reject
}
"*sqlmap*" {
log local0. "Blocking this request due to detected user agent : *sqlmap*"
reject
}
}
Regards,
Dario.