I think you could probably skip a strict regex implementation and use something like a set of data groups or a set of lists. Here's what it might look like with string-based data groups.
my_method_dg
    "get" := ""
    "head" := ""
    "propfind" := ""
    "options" := ""

my_type_dg
    "application/x-www-form-urlencoded" := ""
    "multipart/form-data" := ""
    "text/xml" := ""

And the iRule:

    when HTTP_REQUEST {
        # Respond only when both the method and the Content-Type match an entry in the data groups
        if { ( [class match [string tolower [HTTP::method]] contains my_method_dg] ) and ( [class match [string tolower [HTTP::header Content-Type]] contains my_type_dg] ) } {
            log local0. "Request content type is not allowed by policy."
            HTTP::respond 501 content "Request content type is not allowed by policy."
            event disable
        }
    }

One other minor change was also required. The drop and HTTP::respond commands are mutually exclusive. One will respond with content and the other will simply drop the connection.
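
An added variant of the iRule above (not part of the original post) that matches whole data group keys with `equals` instead of `contains` and strips Content-Type parameters such as `charset` or `boundary` before the lookup. It assumes the same `my_method_dg` and `my_type_dg` data groups with lowercase keys; the log message format is an assumption.

```tcl
when HTTP_REQUEST {
    # Normalise the method once; the data group keys are lowercase.
    set method [string tolower [HTTP::method]]

    # Content-Type often carries parameters, for example
    # "multipart/form-data; boundary=...". Keep only the media type
    # (the part before the first ";") so it can be compared exactly.
    set ctype [string tolower [string trim [getfield [HTTP::header value Content-Type] ";" 1]]]

    # "equals" matches a whole key. "contains" matches when the value
    # contains any key as a substring, so it also fires on values that
    # merely embed "get" or "text/xml" somewhere in a longer string.
    if { [class match -- $method equals my_method_dg] and [class match -- $ctype equals my_type_dg] } {
        log local0. "Policy match from [IP::client_addr]: request content type is not allowed."

        # Send a response to the client ...
        HTTP::respond 501 content "Request content type is not allowed by policy."
        # ... or, to close the connection silently instead, replace the
        # HTTP::respond line with "drop". Use one or the other, not both.

        # Stop further iRule events from processing this request.
        event disable
        return
    }
}
```

A request with no Content-Type header yields an empty `ctype`, which matches no key, so the rule leaves it alone.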