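when HTTP_REQUEST {
    # Log the User-Agent header of every request
    log local0. "User-Agent:[HTTP::header "User-Agent"]"
    # "contains" is case-sensitive, so this matches "Mozilla" exactly as written
    if { [HTTP::header "User-Agent"] contains "Mozilla" } {
        drop
        # Record the client IP, lowercased User-Agent, and requested host and URI
        log local0. "Rejected request: [IP::remote_addr] User-Agent:[string tolower [HTTP::header "User-Agent"]] requested [HTTP::host][HTTP::uri]"
    }
}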
The above iRule works (tested on 11.4.0).
Mar 24 05:57:07 B7200-R3-S22 info tmm5[11470]: Rule /Common/jt-useragent-drop : Rejected request: 10.12.0.25 User-Agent:mozilla/5.0 (x11; linux x86_64; rv:10.0.12) gecko/20130109 firefox/10.0.12 requested 10.12.0.110/
Mar 24 05:57:49 B7200-R3-S22 info tmm6[11470]: Rule /Common/jt-useragent-drop : User-Agent:Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130109 Firefox/10.0.12
Mar 24 05:57:49 B7200-R3-S22 info tmm6[11470]: Rule /Common/jt-useragent-drop : Rejected request: 10.12.0.25 User-Agent:mozilla/5.0 (x11; linux x86_64; rv:10.0.12) gecko/20130109 firefox/10.0.12 requested 10.12.0.110/