Forum Discussion

Reginald_Sible1's avatar
Reginald_Sible1
Icon for Nimbostratus rankNimbostratus
Feb 17, 2015

iRule that compares user agent string to a regular expression...

Anyone famialiar with creating an iRule that compares user agent string to a regular expression...

 

Example-If string contains SQLmap, drop and write log record.

 

Anytime this tool/browser.etc. hits our server drop and log... no response

 

Please help..

 

2 Replies

  • This wouldn't require regex, unless there is more to what you are trying to accomplish.

     

    when HTTP_REQUEST {
      if { [ string tolower [HTTP::header User-Agent]] contains "sqlmap"} {
      drop
      log local0. "Client  IP:[IP::client_addr] has been blocked with user agent :[HTTP::header User-Agent]"
      }
    }

    Code borrowed from other DevCentral post(s).