Forum Discussion

Eric_Weiss_2486's avatar
Eric_Weiss_2486
Icon for Nimbostratus rankNimbostratus
Feb 22, 2016

Question on syntax of iRule

Hello,   I'm struggling with syntax on the following, and was wondering if anyone had suggestions. I've tried combining Mozilla and Opera using '||', but that seemed to produce the same error (be...
BIG-IP
iRules
security
AaronJB's avatar
AaronJB
Icon for SIRT rankSIRT

I think the problem is you've enclosed the expression operators with brackets () rather than braces {}, this should work:

when HTTP_REQUEST {
    if { 
            {
                [HTTP::header value "User-Agent"] contains "Mozilla"
                || [HTTP::header value "User-Agent"] contains "Opera"
            }
        && [string tolower [HTTP::uri]] matches_regex {restservicestest}
        && { not [HTTP::cookie names] contains ".test" }
    } then { 
        reject
        log local0. "Client browser trying to connect to REST Host:[HTTP::host]; URI = [HTTP::uri] No SSO Cookie Detected, Client IP:[IP::client_addr] has been blocked" 
    }
}
Eric_Weiss_2486's avatar
Eric_Weiss_2486
Icon for Nimbostratus rankNimbostratus
Feb 23, 2016
I'm not seeing a way to check the contents of all cookies for '.fb'. I suspect that the reason { not [HTTP::cookie names] contains ".fb" } isn't working is that Windows desktop obscures the cookie names. If you view cookie files in Internet Explorer options, it shows all the cookie names ending in .fb. When I look locally on the filesystem, under Windows temp, I'm seeing all of those renamed cryptically, with .txt on the end. Due to that, I need to check the contents of cookies themselves for .fb