Forum Discussion
someguy_126006
Nov 04, 2016 · Nimbostratus
Have you tried the below, where User-Agent is without quotes and has value?
when HTTP_REQUEST {
    # Block any request whose Host header does not start with one of the expected names
    if { !(([HTTP::host] starts_with "website.co.uk") or ([HTTP::host] starts_with "www.website.co.uk") or ([HTTP::host] starts_with "backup.mywebsite.co.uk") or ([HTTP::host] starts_with "www.backup.mywebsite.co.uk")) } {
        log local0. "blocked [HTTP::header value User-Agent] requesting [HTTP::host][HTTP::uri]"
        discard
    }
}
- cjunior · Nov 04, 2016 · Nacreous
So the "log" command outside the "if" statement will register a log entry even for requests that are not blocked, am I wrong?
- someguy_126006 · Nov 04, 2016 · Nimbostratus
Was a copy-paste from the rule above, but yes, that is correct. I moved it up in, though.
- NetworkTeam_178 · Nov 17, 2016 · Nimbostratus
Thanks for your help, guys.
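
An added example, not part of the thread or written by any of its posters: the same Host allow-list with exact matching, because `starts_with "website.co.uk"` also accepts any longer name that merely begins with that string (for instance a constructed `website.co.uk.example.net`). The normalisation steps (lower-casing, dropping a `:port` suffix and a trailing dot) are assumptions about what the site wants to accept.

```tcl
# Added example: exact-match Host allow-list (not the thread's own rule).
when HTTP_REQUEST {
    # Normalise the Host header before comparing (assumed policy):
    # lower-case it, keep only the part before ":port", drop a trailing dot.
    set host [string trimright [getfield [string tolower [HTTP::host]] ":" 1] "."]

    switch -- $host {
        "website.co.uk" -
        "www.website.co.uk" -
        "backup.mywebsite.co.uk" -
        "www.backup.mywebsite.co.uk" {
            # Expected host name: let the request continue unchanged.
        }
        default {
            # The log call sits inside the blocking branch, so only
            # requests that are actually discarded produce an entry.
            log local0. "blocked [HTTP::header value User-Agent] requesting [HTTP::host][HTTP::uri]"
            discard
        }
    }
}
```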