Forum Discussion

Mathew_58740
Nov 06, 2013

Irule for blocking specific traffic

Hi, can we get some help to achieve the below?

If the below condition matches we need to block the connection and the rest should all be permitted.

IP is from the following subnets

( src net 1.1.0.0/16 or src net 2.2.0.0/16 or src net 3.3.0.0/16 )

AND

the string 'Software Version7.13' IS IN request body

AND

the string 'Hardware VersionHA1' IS IN request body

AND

the string '1 BOOT' IS NOT IN request body

 

5 Replies

  • For the IP blocking you would need to check IP::client_addr (this code with switch not tested BTW):

    # Glob-match the client source address text against the three /16s;
    # "-" as a body makes a pattern fall through to the next one.
    when CLIENT_ACCEPTED {
        switch -glob [IP::client_addr] {
            "1.1.*" -
            "2.2.*" -
            "3.3.*" {
                reject
            }
        }
    }

    For the XML - try here

     

    Alternatively you would have to HTTP::collect and then use the HTTP_REQUEST_DATA event to search the body for the offending data.

     

    Not sure if anyone is feeling more generous and wants to provide a full rule for you?

     

  • HTTP traffic? This could be quite intensive if it's going to be done on every request for those IPs in the restricted range.

     

  • You can also do it this way if you are only concerned about the IP address. If you also need to look at the HTTP headers, you would require a more elaborate one which could be processor intensive as mentioned in the previous comment. In the iRule, IP_Addr_Block_List is a Data Group List which will contain the IP addresses/Networks that need to be blocked.

    # IP_Addr_Block_List is an address-type data group referenced by name;
    # class match succeeds when the client address is inside any listed network.
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals IP_Addr_Block_List] } {
            TCP::close
        } else {
            return
        }
    }

     

    • Mathew_58740
      Thank you guys for the updates. Our requirement is: if the IP address and the headers match we have to block; remaining traffic should be allowed.
  • You can do something similar to this:

    when HTTP_REQUEST {
        # Block only when the source is in the data group AND the header is present.
        if { ([class match [IP::client_addr] equals IP_Throttle_List]) and ([HTTP::header exists "Blah Blah"]) } {
            HTTP::close
            # Or TCP::close. Depends on your requirement
        } else {
            return
        }
    }
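The following iRule is an added example, not code posted in this thread. It puts together the pieces the replies describe: the source-subnet check from the data group answers, and the HTTP::collect / HTTP_REQUEST_DATA body search the first reply suggests, combined so that only a request meeting every one of the original poster's conditions is rejected and everything else is permitted. It assumes an address-type data group named IP_Block_Subnets (a placeholder name) containing 1.1.0.0/16, 2.2.0.0/16 and 3.3.0.0/16; the variable names and the 1 MiB collect cap are choices made here, not from the thread.

```tcl
# Added example (not from the thread). Assumes an address-type data group
# IP_Block_Subnets (placeholder name) holding the three /16s from the question.
# Only a request meeting every condition is rejected; all else passes.

when HTTP_REQUEST {
    # Reset per request; variables persist for the connection's lifetime.
    set inspect_body 0

    # Clients outside the listed subnets skip body inspection entirely, so
    # the collect cost is only paid for the restricted range.
    if { ![class match [IP::client_addr] equals IP_Block_Subnets] } {
        return
    }

    # Collect the body for inspection. Only bodies with a numeric
    # Content-Length are collected; cap the size so a large upload is not
    # buffered in full (the strings of interest are expected near the top).
    if { [HTTP::header exists "Content-Length"] } {
        set clen [HTTP::header "Content-Length"]
        if { [string is integer -strict $clen] && $clen > 0 } {
            if { $clen > 1048576 } { set clen 1048576 }
            set inspect_body 1
            HTTP::collect $clen
        }
    }
}

when HTTP_REQUEST_DATA {
    if { !$inspect_body } {
        return
    }
    set body [HTTP::payload]
    # Block only when both version strings are present AND "1 BOOT" is absent.
    if { ($body contains "Software Version7.13") and \
         ($body contains "Hardware VersionHA1") and \
         not ($body contains "1 BOOT") } {
        log local0. "Blocked [IP::client_addr]: request body matched block signature"
        reject
        return
    }
    # Everything else is permitted: hand the collected data back to the proxy.
    HTTP::release
}
```

Two caveats follow from the design. Requests without a Content-Length header (for example chunked uploads) are not collected and therefore pass, so a chunked request from a listed subnet is never inspected; if that matters, collect in HTTP_REQUEST without a length argument instead. And, as the second reply warns, buffering the body for every request from the restricted range costs memory and CPU, which is why the subnet test runs first and the collect is capped.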