Forum Discussion

Nimbostratus

Jan 24, 2018

Irule to block Requests with specific word

Hello All, I've many websites hosted behind F5 Lately im getting alot of spam through the "contact-us" form with a specific words like " viagra " or something like that. Is there any possible way to...

Nacreous

Jan 24, 2018

Updated post with fully working iRule using datagroup

Datagroup:

ltm data-group internal restricted_dg {
    records {
        restricted {}
    }
    type string
}

Testing

curl --data "param1=restricted&param2=notrestricted" http://10.1.1.1

Jan 24 14:13:20 BIGIP info tmm1[19064]: Rule /Common/ls-http-collect : Rejecting restricted content

iRule:

when HTTP_REQUEST {
    if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
        set content_length [HTTP::header value "Content-Length"]
    } else {
        set content_length 1048576
    }

    if { $content_length > 0} {
        if {[HTTP::method] eq "POST"} {
            HTTP::collect [HTTP::header "Content-Length"]
        }
    } else {
        log local0. "ERROR! Content Length = $content_length"
    }
}

when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]
    if {[class match $payload contains "restricted_dg"]} {
        log local0. "Rejecting restricted content" 
        reject
    }
}

Forum Discussion

Irule to block Requests with specific word

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

iRule Help - if specific URL, redirect, else display a maintenance page

ASM disable violations alarm just for specific requests

OCSP: Bad Request

Replace an header authorization request with policy or iRule doesn't work ...

iRule on GTM to allow a specific IP to a specific node