Forum Discussion
Kai_Wilke (MVP)
Feb 25, 2016
Hi Eric,
I can only repeat the answer I gave you in your last post...
https://devcentral.f5.com/questions?pid=44725answer132972
when HTTP_REQUEST {
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        # Print the header info
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    foreach aCookie [HTTP::cookie names] {
        # Log the cookie name and value
        log local0. "Cookie Name: $aCookie, Cookie value: [HTTP::cookie value $aCookie]"
    }
    # Blacklist: reject only a listed User-Agent on the REST URI without the ".fb" cookie
    if { (( [HTTP::header value "User-Agent"] contains "Mozilla" ) or
          ( [HTTP::header value "User-Agent"] contains "Opera" ) or
          ( [HTTP::header value "User-Agent"] contains "curl" )) and
         ( [string tolower [HTTP::uri]] matches_regex {restservicestest} ) and
         not ( [HTTP::cookie names] contains ".fb" )
    } then {
        reject
        log local0. "Client browser connection to REST Host:[HTTP::host]; URI=[HTTP::uri]. No SSO Cookie Detected in Header, Client IP:[IP::client_addr] has been blocked"
        log local0. "============================================="
    } else {
        log local0. "Client browser connection to REST Host:[HTTP::host]; URI=[HTTP::uri] for Client IP:[IP::client_addr] allowed!"
        log local0. "============================================="
    }
}
... to show you that this syntax is working you may try this test snippet...
set user_agent "Blah Mozilla Blah"
set http_uri "/folder/restservicestest/folder/file.txt"
set cookie_names "cookie1 cookie.fb cookie2"
set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
log local0. "============================================="
log local0. "$LogString (request)"
if { (( $user_agent contains "Mozilla" ) or
      ( $user_agent contains "Opera" ) or
      ( $user_agent contains "curl" )) and
     ( [string tolower $http_uri] matches_regex {restservicestest} ) and
     not ( $cookie_names contains ".fb" )
} then {
    reject
    log local0. "Client browser connection to REST Host:[HTTP::host]; URI=[HTTP::uri]. No SSO Cookie Detected in Header, Client IP:[IP::client_addr] has been blocked"
    log local0. "============================================="
} else {
    log local0. "Client browser connection to REST Host:[HTTP::host]; URI=[HTTP::uri] for Client IP:[IP::client_addr] allowed!"
    log local0. "============================================="
}
As already noted: The iRule implements a typical Blacklist. So it wouldn't block unknown "User-Agents" and/or unknown URIs. If this is not desired for you, then change the iRule to become a Whitelist where you allow just certain User-Agents, certain URIs and then enforce the Cookie to be present. And then block everything else which is not explicitly whitelisted...
White-List approach
when HTTP_REQUEST {
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        # Print the header info
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    foreach aCookie [HTTP::cookie names] {
        # Log the cookie name and value
        log local0. "Cookie Name: $aCookie, Cookie value: [HTTP::cookie value $aCookie]"
    }
    # Whitelist: allow only a listed User-Agent on the REST URI with the ".fb" cookie present
    if { (( [HTTP::header value "User-Agent"] contains "Mozilla" ) or
          ( [HTTP::header value "User-Agent"] contains "Opera" ) or
          ( [HTTP::header value "User-Agent"] contains "curl" )) and
         ( [string tolower [HTTP::uri]] matches_regex {restservicestest} ) and
         ( [HTTP::cookie names] contains ".fb" )
    } then {
        log local0. "Client browser connection to REST Host:[HTTP::host]; URI=[HTTP::uri] for Client IP:[IP::client_addr] allowed!"
        log local0. "============================================="
    } else {
        reject
        log local0. "Client IP:[IP::client_addr], User-Agent:[HTTP::header value "User-Agent"] and Cookies:[HTTP::cookie names] connection to REST Host:[HTTP::host]; URI=[HTTP::uri] has been blocked"
        log local0. "============================================="
    }
}
Cheers, Kai
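
The difference between the blacklist and whitelist rules above, as an added example that is not part of the original post: a plain Tcl script for tclsh (not an iRule) that evaluates both decisions over constructed requests. The proc names and sample values are assumptions; the iRule operator `contains` is modelled with `string first` and `matches_regex` with `regexp`.

```tcl
# Added example (plain Tcl, run with tclsh 8.5+; not iRule code).
# Models the allow/reject decision of both rules so they can be compared off-box.

# Stand-in for the iRule "contains" operator (substring test).
proc contains {haystack needle} {
    expr {[string first $needle $haystack] >= 0}
}

# The three conditions shared by both iRules in the post.
proc known_agent {ua} {
    expr {[contains $ua "Mozilla"] || [contains $ua "Opera"] || [contains $ua "curl"]}
}
proc rest_uri {uri} {
    regexp {restservicestest} [string tolower $uri]
}
proc has_sso_cookie {cookie_names} {
    # Substring test over the whole cookie-name list, as in the post.
    contains $cookie_names ".fb"
}

# Blacklist: reject only known agent + REST URI + missing cookie.
proc blacklist_decision {ua uri cookies} {
    if {[known_agent $ua] && [rest_uri $uri] && ![has_sso_cookie $cookies]} {
        return "reject"
    }
    return "allow"
}

# Whitelist: allow only known agent + REST URI + cookie present.
proc whitelist_decision {ua uri cookies} {
    if {[known_agent $ua] && [rest_uri $uri] && [has_sso_cookie $cookies]} {
        return "allow"
    }
    return "reject"
}

# Constructed sample requests: {User-Agent URI cookie-names}
set samples {
    {"Blah Mozilla Blah" "/folder/restservicestest/folder/file.txt" "cookie1 cookie.fb cookie2"}
    {"Blah Mozilla Blah" "/folder/RestServicesTest/file.txt"        "cookie1 cookie2"}
    {"ExampleClient/1.0" "/folder/restservicestest/file.txt"        "cookie1"}
    {"Blah Mozilla Blah" "/other/path"                              ""}
}

puts [format "%-20s %-42s %-10s %-10s" "User-Agent" "URI" "blacklist" "whitelist"]
foreach s $samples {
    lassign $s ua uri cookies
    puts [format "%-20s %-42s %-10s %-10s" $ua $uri \
        [blacklist_decision $ua $uri $cookies] [whitelist_decision $ua $uri $cookies]]
}
```

The rows where the two columns differ are the requests that fall outside the listed User-Agents or the REST URI, which only the whitelist form rejects.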