user agent
6 TopicsBlock HTTPS access from specific user agent
Dear community, I want to block HTTPS access from specific user agent(UA). I found this topic following, https://devcentral.f5.com/questions/block-a-user-agent-with-an-irule and I want some idea to arrange this iRule as following. -I want to show "404" to this access and reject to accessing our web server. -I sometime want to allow specific IP address using blocked UA. How can I make such exception? the original one is below. when HTTPS_REQUEST { log local0. "User-Agent:[HTTPS::header "User-Agent"]" if { [string tolower [HTTPS::header "User-Agent"]] == "mozilla/4.0"} { drop log local0. "Rejected request: [IP::remote_addr] User-Agent:[string tolower [HTTPS::header "User-Agent"]] requested [HTTPS::host][HTTP::uri]" } } Thanks in advance for your help, Naoki501Views0likes3CommentsiRule with User Agent to allow iphone and android, but block everything else
I have read a bunch of articles/questions/answers regarding irules and how to block user agents. I am relatively comfortable blocking a browser or taking an action based on looking at the user agent, but I'm having trouble with syntax. I have an application that we want to allow access to when using an iphone or android (via the app), but we want to block access when users try to access the site via a browser. After logging the attempts when accessing the app via the ios device and android device I can see that in the user agent string the ios device inserted "iphone" and the android device inserted "android". As a simple test it seems like if I wrote an irule that says "if the user agent has iphone or android in the user-agent then do the following, but if it doesn't then redirect it to another site. However, the redirect works, but it ends up breaking the iphone app. Here is the irule I had in place before trying to block the browsers (cause the app owner said I needed to have this redirect in place) when HTTP_REQUEST { Check if path is / if {[HTTP::path] eq "/"}{ Send 302 redirect to the new location HTTP::redirect https://[HTTP::host]/PATH/GOES/HERE } } Now when I add the following it redirects me to the test site when I access the site from a browser on my windows machine, but in turn it breaks the iphone app. when HTTP_REQUEST { if { [HTTP::header User-Agent] != "iphone"} { HTTP::redirect http://www.testsitegoeshere.com } if {[HTTP::path] eq "/"}{ Send 302 redirect to the new location HTTP::redirect https://[HTTP::host]/PATH/GOES/HERE } } In the end all I'm trying to do is block anything that is not identifying itself as an ios or android device (by block I mean redirect them elsewhere)...and if they are an ios or android device then I simply want to let them in redirect them if their path is "/" to the "PATH/GOES/HERE" URI that works when I take off the iphone text. And oh yeah, I cannot figure out how to make a statement that says "if the user agent contains iphone or android" or "if the user agent does not contain iphone or android". Every attempt I made to do this resulted in some form of syntax error. Any guidance would be appreciated.466Views0likes1CommentLog SSL Cipher Version and User Agent Info
Hi I need to log if there are connections using SSLv3 Cipher before disabling it. I'm using this code: when CLIENTSSL_HANDSHAKE { ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]" 1 } if { ( [SSL::cipher version] contains "SSL" ) or ( [SSL::cipher name] contains "RC4" ) or ( [SSL::cipher bits] < 128 ) } then { set invalid_ssl 1 } else { set invalid_ssl 0 } } That way I get the usage of the different Cipher versions but there isn't any information about OS or Browser. That info is in [HTTP::header User-Agent] but can't be used inside CLIENTSSL_HANDSHAKE. It could be done in HTTP_REQUEST but it would be executed serveral times for the same session and the stats wouldn't be reliable How could I log the Cipher Version and User-Agent data just once for each session? Thanks422Views0likes3CommentsGeoblock exception based on user agent
Hi, We have Geo-blocking enabled for one of our apps and want to allow access from a third party tool that has a very specific user agent. Is it possible to allow requests from a geo blocked location when the user agent matches a particular string? Thank you.307Views0likes1CommentRedirect iRule that includes Operating System?
Hi - I'm working on building my first iRule for my LTM's. We want to redirect users based on user agent header info but along with the type of browser we want to also specify the users OS. I see the agent header info should have this data - "msie 8.0; windows nt 5.1" is anyone else doing this? Is this possible to accomplish without redirecting everyone using "MSIE 8.0" - only users with Windows XP? An example of what I have put together: when HTTP_REQUEST { if { [string tolower [HTTP::host][HTTP::uri]] contains "www.newsite.example.com" } { switch -glob [string tolower [HTTP::header User-Agent]] { "windows nt 5.1" - "android 2.3" { HTTP::redirect "http://www.browser-OS-refused.example.com" } } } }241Views0likes2Comments