Patti_G_72768
Oct 31, 2013
Nimbostratus
Need help with iRule to detect LOIC/HOIC client
Hi all, the latest rule I'm working on is supposed to detect a LOIC/HOIC client. The rule is supposed to look for the following in the uri query string (not case sensitive): 1) "msg" 2) "id" 3) random 6 character value
Here is what I have so far:
when HTTP_REQUEST {
    if {([string tolower [HTTP::uri]] contains "id") and ([string tolower [HTTP::uri]] contains "msg") and ([string tolower [HTTP::uri]] matches_regex{[a-zA-Z0-9$-_.+!*'(),~:/?[]@&;=]})}
    {
        log local0. "Detected LOIC/HOIC client request based on query string."
        reject
    }
}
Would someone be able to take a look at the iRule and let me know what I need to change or what I have wrong please? I'm also having a problem with setting it to a 6 character value.
Thanks!
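One way to express the check described in the post above, as an added example that is not part of the original post or F5's own code: it splits the query string into name/value pairs instead of substring-matching the whole URI. It assumes `id` and `msg` are parameter names and that the random value is a parameter value of exactly six letters or digits; the variable names are illustrative.

```tcl
when HTTP_REQUEST {
    # Work on the query string only, lower-cased once (case-insensitive match).
    set query [string tolower [HTTP::query]]
    if { $query eq "" } { return }

    set has_id 0
    set has_msg 0
    set has_token 0

    # Walk the name=value pairs so "id" and "msg" match whole parameter
    # names rather than any substring of the URI.
    foreach pair [split $query "&"] {
        set eq [string first "=" $pair]
        if { $eq < 0 } {
            set name $pair
            set value ""
        } else {
            set name  [string range $pair 0 [expr {$eq - 1}]]
            set value [string range $pair [expr {$eq + 1}] end]
        }

        switch -- $name {
            "id"  { set has_id 1 }
            "msg" { set has_msg 1 }
        }

        # Assumption: the random value is exactly six letters or digits.
        # ^ and $ anchor the match and {6} fixes the length; an unanchored
        # character class would match any single character anywhere.
        if { [regexp {^[a-z0-9]{6}$} $value] } {
            set has_token 1
        }
    }

    # The opening brace of the body sits on the same line as the condition;
    # Tcl ends a command at the newline, so a brace on the next line fails.
    if { $has_id && $has_msg && $has_token } {
        log local0. "Detected LOIC/HOIC client request based on query string: [HTTP::uri] from [IP::client_addr]"
        reject
    }
}
```

A substring test such as `contains "id"` also matches unrelated parameters (for example `video=...`), so comparing whole parameter names reduces false positives; running the rule with only the `log` line first shows what it would reject.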