Forum Discussion

Nimbostratus

Feb 17, 2015

iRule that compares user agent string to a regular expression...

Anyone famialiar with creating an iRule that compares user agent string to a regular expression... Example-If string contains SQLmap, drop and write log record. Anytime this tool/browser.e...

Employee

Feb 17, 2015

This wouldn't require regex, unless there is more to what you are trying to accomplish.

when HTTP_REQUEST {
  if { [ string tolower [HTTP::header User-Agent]] contains "sqlmap"} {
  drop
  log local0. "Client  IP:[IP::client_addr] has been blocked with user agent :[HTTP::header User-Agent]"
  }
}

Code borrowed from other DevCentral post(s).

Forum Discussion

iRule that compares user agent string to a regular expression...

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Advanced iRules: Regular Expressions

Parameter Value - Regular Expression

Using Perl Compatible Regular Expressions (PCRE) in Protocol Inspection Custom Signatures

LTM stream profile: Multiple replacements & regular expressions

Regular expressions in user_alert.conf