Forum Discussion
balias_16512
Feb 10, 2013Nimbostratus
when HTTP_REQUEST {
if {[HTTP::header "User-Agent"] matches_regex {^Apple.*1002.*} } {
if { [HTTP::uri] contains "Cmd=MeetingResponse" } {
log 10.10.10.1 local0.info "Denied iOS 6.1 Device SNAT src=[IP::client_addr] src_port=[TCP::client_port], snat_src=[IP::local_addr] snat_src_port=[TCP::local_port], dst=[IP::server_addr] dst_port=[TCP::server_port]"
reject
}
}
}
Above is the complete iRule we placed in the TMG virtual server. We see several client IP's that are looped with above 60,000 denies and it goes down from there to about 7 cilents with denies above 3,000 the rest are below 300.