block request on page type - help

Question

Hi there everyone,

At our shop, we would like to setup an iRule that will either deny access or drop request based on a request type.  For example, if a request comes in for /*.php we would like the request to not make it to our web servers.  We are .net and .cf shop but we get tons of request for .php files. Most of these are bots looking for know exploits and it is overwhelming our web servers.

I have inherited the current setup we have and i'm new to irules so any pointers would be greatly appreciated.

Thanks.

yaxzone_100047 · Answer

Looking at various rules, i've put together the following...   Any ideas anyone? 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;    if {[HTTP::uri] contains ".php"]} { 
&nbsp;       HTTP::redirect "http://www.google.com" 
&nbsp;       drop 
&nbsp;    } 
&nbsp; } &nbsp;

hooleylist · Answer

You could be more specific and check the HTTP path (URI minus the query string):

when HTTP_REQUEST {

Check for unwanted filetypes
   switch -glob [string tolower [HTTP::path]] {
      "*.php" -
      "*.exe" -
      "*.dll" {
         Reset the TCP connection
         reject
      }
   }
}

Aaron

yaxzone_100047 · Answer

hoolio,  
&nbsp;  
&nbsp; Thanks a lot.  I will give that a try.  &nbsp;

Forum Discussion

block request on page type - help

3 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

ASM Sanitize Blocking Page Requests

ASM block page for use with API waf policy

Irule for diverting blocked gelocation users to a page

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise