laga44_77816
Aug 07, 2008

blocking content with iRules

Hi, I'm looking for a sample to block a specific parameter from an HTTP request URL query string.

As an example, if someone hits our site with

http://test.test.11/dir/1315=bad2144

I'd like to block "bad2144" either by dropping the connection or a redirect.

Is this possible? Has anyone done this before?

Thank you,

R

12 Replies

  • There were actually a few syntax and logic errors in the rule. There needs to be a space between local0. and the start of the log text. The open parenthesis shouldn't be there. And IP::server_addr is invalid in HTTP_REQUEST as no server side connection has been established. Assuming you want to check the client IP against the Host datagroup, you can try this:

     
     when HTTP_REQUEST {

        # Log a debug message with client IP:port and the class contents
        log local0. "[IP::client_addr]:[TCP::client_port]: class \$::badStrings: $::badStrings"

        # Check if the client IP is part of the Hosts datagroup
        # (IP::server_addr is not valid here: no server-side connection exists yet)
        if { [matchclass [IP::client_addr] equals $::Hosts] } {

           # Log a debug message indicating the client IP matched the Hosts class
           log local0. "[IP::client_addr]:[TCP::client_port]: matched Hosts class \$::Hosts: $::Hosts"

           # Check if the requested URI contains any known bad strings
           if { [matchclass [string tolower [HTTP::uri]] contains $::badStrings] } {

              # Log a debug message indicating the client matched the Hosts class and had a bad string in the URI
              log local0. "Matched client IP and found bad string in [HTTP::uri]: entry [matchclass [string tolower [HTTP::uri]] contains $::badStrings]"

              # Drop the TCP connection
              drop
           }
        }
     }
     

    I added more logging so you can follow what's happening if it doesn't work. Once you've tested the rule, you should comment out or remove the log statements to save disk space and CPU resources.

    Aaron
  • And as you mentioned, logging can be found in /var/log/ltm?

    Thanks!
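
The rule in the first reply drops the connection, while the original question also asked about a redirect. The iRule below is an added example, not part of the thread, that applies the same `$::badStrings` check to every client and redirects instead of dropping. It keeps the thread's v9 `matchclass` syntax; the `/blocked.html` path is a hypothetical placeholder, and the class entries are assumed to be stored in lowercase.

```tcl
when HTTP_REQUEST {

    # Normalise before matching: decode percent-encoding, then lowercase,
    # so the comparison always runs on the same form of the URI.
    set uri [string tolower [URI::decode [HTTP::uri]]]

    # Let the block page itself through untouched.
    # /blocked.html is a hypothetical path used only for this example.
    if { $uri equals "/blocked.html" } {
        return
    }

    # badStrings is the string data group from the thread,
    # e.g. containing the entry "bad2144" (lowercase, to match $uri).
    if { [matchclass $uri contains $::badStrings] } {

        # Record who was blocked and what they asked for
        log local0. "[IP::client_addr]:[TCP::client_port]: blocked request for [HTTP::uri]"

        # Option 1: redirect the client to a static page on the same host
        HTTP::redirect "http://[HTTP::host]/blocked.html"

        # Option 2 (use instead of the redirect): answer directly from the BIG-IP
        # HTTP::respond 403 content "Forbidden"
    }
}
```

As with the rule above, remove or comment out the log statement once the behaviour has been verified in /var/log/ltm.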