Forum Discussion
Hello Chen Zhe,
What are you trying to achieve? If you want to block all requests which don't contains any of these 4 headers, then it would be better just create such rule in iRule or you can create attack signature with such rule (e.g content:!"access-token"; nocase; content:!"authentication"; nocase;....)
Thanks, Ivan
- Chen_ZheJul 13, 2020Altostratus
Hi Ivan,
thank you!
Achieve you guess is right,detail: block all request which don't contains any of these 4 headers,unless shome HOST or host+uri .
but,rules didn't work as I expected。
when hit whilelist fist,at the end rules it hit discard again.
when HTTP_REQUEST {
if {[HTTP::header exists token] or [HTTP::header exists access-token] or [HTTP::header exists authentication] or [HTTP::header exists authorization]}{
ASM::enable "/Common/base-on-header-string"
}
#following all fuction is whitelist.
if { [class match [HTTP::host] contains domain_whiltlist] } {
ASM::enable "/Common/base-on-header-string"
}
if { [HTTP::host] == "meetingroomip-uat.bba-app.com" || [HTTP::host] == "meeting-inspection.bba-app.biz" } {
if {[class match [HTTP::uri] contains meeting] } {
ASM::enable "/Common/base-on-header-string"
}
}
if { [HTTP::host] == "bestyou-uat.bba-app.com" || [HTTP::host] == "bestyou.bba-app.biz" } {
if { [class match [HTTP::uri] contains bestyou] } {
ASM::enable "/Common/base-on-header-string"
}
}
else{
discard
}
- Ivan_ChernenkiiJul 13, 2020Employee
I didn't get your further "whitelist" part...
Do you want not enforce in case of whitelist?.. then you need ASM: disable.
Also, you have
when HTTP_REQUEST {
if {[HTTP::header exists token] or [HTTP::header exists access-token] or [HTTP::header exists authentication] or [HTTP::header exists authorization]}{
ASM::enable "/Common/base-on-header-string"
}
which means apply ASM policy in case of at least one header exists... While AFAIU you didn't want to block it. Please, clarify.
- Chen_ZheJul 14, 2020Altostratus
thank you for your reply, forgot it.
I changed irules to meet the requirements, but I encountered problems related to if, elseif, else. and i asked new question.