Yoda_34023
Feb 27, 2007 Nimbostratus
Combined Nimda/CodeRed and redirection with a wait time
Hi,
I'm trying to combine some great iRules I received from the forum into a single script.
Here's my logic:
If the incoming request contains CodeRed or Nimda then log it. Send back a message to the client telling them you logged it and display their IP address (and any more information we can extract).
Now discard the packet and then wait for 10 seconds, before redirecting to the main site. (Not sure if this will work)
This is what I have done so far:
when HTTP_REQUEST {
    # Lower-case the URI so the signature checks are case-insensitive
    set uri [string tolower [HTTP::uri]]
    # Request paths associated with CodeRed / Nimda probes
    if { ($uri contains "default.ida")
         or ($uri contains "cmd.exe")
         or ($uri contains "root.exe")
         or ($uri contains "admin.dll") } {
        log local0. "Client: [IP::client_addr], requested [HTTP::host]$uri and was discarded"
        HTTP::respond 200 content "Message Title,We logged your IP do thing you should not be, your IP is [IP::client_addr]
Stop it or we will stop you
"
        discard
        # **** WOULD LIKE TO DISPLAY A REDIRECTING TO MAIN SITE IN 10 SECONDS, THEN REDIRECT IT ****
    }
}
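One way to get the "logged, redirecting in 10 seconds" behaviour asked about above, shown as an added example that is not the poster's code. It assumes the wait can be left to the browser through a meta refresh tag; the `main_site` URL and the page wording are placeholders.

```tcl
when HTTP_REQUEST {
    # Placeholder: replace with the real landing page.
    set main_site "http://www.example.com/"
    set uri [string tolower [HTTP::uri]]

    # The same four signatures the post checks for, matched case-insensitively.
    switch -glob $uri {
        "*default.ida*" -
        "*cmd.exe*" -
        "*root.exe*" -
        "*admin.dll*" {
            log local0. "Client: [IP::client_addr], requested [HTTP::host]$uri and was answered locally"

            # Only the client address is echoed back; the requested URI is
            # deliberately not reflected into the HTML.
            set body "<html><head><title>Request logged</title>\
                <meta http-equiv=\"refresh\" content=\"10;url=$main_site\"></head>\
                <body><p>This request was logged. Your IP is [IP::client_addr].</p>\
                <p>Redirecting to the main site in 10 seconds.</p></body></html>"

            # HTTP::respond answers the client directly, so the request is
            # not forwarded to the pool; the browser performs the 10 s wait.
            HTTP::respond 200 content $body "Content-Type" "text/html"
        }
    }
}
```

Because the delay happens in the client, the iRule does not hold the connection open for 10 seconds.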