barry_8239
Jun 24, 2013Nimbostratus
allow rule vs deny
I would like to add a new irule which permits all previous versions of Apple IOS from 6.145 and will deny anything release thereafter. This is our current rule
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::header User-Agent]] {
"*1002.14[0-4]*" {
if { [HTTP::uri] contains "Cmd=MeetingResponse" } {
reject
log local0. "Denied iOS 6.1 Device SNAT src=[IP::client_addr] src_port=[TCP::client_port], dst=[IP::local_addr] dst_port=[TCP::local_port], virtual=[virtual name]"
}
}
}
}
Thank in advance.