Need to convert a Pandora rule to an iRule
Hi again, I need to convert a rule that is looking to block Pandora/Dirt Jumper attack in ASM. The rule is looking to block the Pandora GET flood attack. So it is looking for the GET method, HTTP/1.0 protocol, a missing Accept header, a user-agent keyword Mozilla and a randomized referer. This is what I came up with:
when HTTP_REQUEST { if {not ([HTTP::header exists Accept]) and ([HTTP::version] equals "1.0") and ([HTTP::header "method"] equals "GET") and ([string tolower [HTTP::header User-Agent]] contains "Mozilla*") and not ([HTTP::header Referer] equals "")} { log local0. "Pandora/Dirt Jumper type 0 1 2 attack." reject } } Would someone be able to take a look at what I tried to write and tell me where I'm going wrong please?
Thank you!