Hi ,
I have a bit more general approach than . It will use a regex instead of a hard-coded IP address.
Tested on 15.2 and seems to do what it is supposed to do.
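    when HTTP_REQUEST {
        # scan returns the number of fields it converted; 4 means the Host
        # value starts with four dot-separated integers. Each one is then
        # range-checked as an octet (0-255).
        if { [scan [HTTP::host] %d.%d.%d.%d a b c d] == 4 && 0 <= $a && $a <= 255 && 0 <= $b && $b <= 255 && 0 <= $c && $c <= 255 && 0 <= $d && $d <= 255} {
            #log local0. "Invalid hostname: [HTTP::host]"
            drop
        } else {
            #log local0. "Valid hostname: [HTTP::host]"
            return
        }
    }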
The regex I simply stole from here: wiki.tcl-lang.org >> Regular Expression Examples
It is supposed to check whether the string in HTTP::host matches the syntax of an IP address.
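An added example, not part of the original post: plain Tcl for tclsh that compares the scan-based check from the iRule with a variant that strips an optional port and requires the whole Host value to be four octets. The proc names and sample hosts are constructed for illustration; inside an iRule the argument would be [HTTP::host].

```tcl
# Added example (not from the original post). Proc names and sample
# hosts are constructed for illustration.

# The check as posted: scan stops after the fourth integer, so anything
# that follows it (a port, further DNS labels) is ignored.
proc prefix_is_ipv4 {host} {
    expr {[scan $host %d.%d.%d.%d a b c d] == 4
          && 0 <= $a && $a <= 255 && 0 <= $b && $b <= 255
          && 0 <= $c && $c <= 255 && 0 <= $d && $d <= 255}
}

# Stricter variant: remove an optional ":port" suffix, then require the
# whole remaining string to be four decimal octets.
proc host_is_ipv4 {host} {
    regsub {:\d+$} $host {} host
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $host -> a b c d]} {
        return 0
    }
    foreach octet [list $a $b $c $d] {
        # scan %d reads the digits as decimal, so "010" is 10, not octal 8
        if {[scan $octet %d] > 255} {
            return 0
        }
    }
    return 1
}

# Constructed Host header values: bare IP, IP with port, ordinary name,
# a name that merely begins with IP-like labels, and an out-of-range octet.
set samples {
    192.0.2.10
    192.0.2.10:8443
    www.example.com
    192.0.2.10.example.com
    300.1.1.1
}

foreach host $samples {
    puts [format "%-24s prefix=%d strict=%d" $host \
        [prefix_is_ipv4 $host] [host_is_ipv4 $host]]
}
```

The two checks differ only on `192.0.2.10.example.com`, a hostname that the prefix check treats as an IP address and the anchored check does not.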