Block a User-Agent with an iRule

when HTTP_REQUEST { log local0. "User-Agent:[HTTP::header "User-Agent"]" if { [HTTP::header "User-Agent"] contains "Mozilla"} { drop log local0. "Rejected request: [IP::remote_addr] User-Agent:[string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]" } }

Above irule works (tested on 11.4.0)

Mar 24 05:57:07 B7200-R3-S22 info tmm5[11470]: Rule /Common/jt-useragent-drop : Rejected request: 10.12.0.25 User-Agent:mozilla/5.0 (x11; linux x86_64; rv:10.0.12) gecko/20130109 firefox/10.0.12 requested 10.12.0.110/ Mar 24 05:57:49 B7200-R3-S22 info tmm6[11470]: Rule /Common/jt-useragent-drop : User-Agent:Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130109 Firefox/10.0.12 Mar 24 05:57:49 B7200-R3-S22 info tmm6[11470]: Rule /Common/jt-useragent-drop : Rejected request: 10.12.0.25 User-Agent:mozilla/5.0 (x11; linux x86_64; rv:10.0.12) gecko/20130109 firefox/10.0.12 requested 10.12.0.110/