APM rule or access profile to block traffic from Apple devices via HTTP Header filters.

The quest to block Mac clients using the F5 APM access policy or an iRule continue. The access policy (attached or embedded image) did not work as expected.

 

In addition, one of my colleagues tried to accomplish the same goal by using an iRule.

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::header value User-Agent]] { "AppleExchangeWebServices" - "macoutlook" - "mac os x" - "mac+os+x" { reject } default { return } } }

 

This too, did not work completely. See log from Exchange 2013 server:

 

POST /EWS/Exchange.asmx - 444 xxxxx\xxxxx 1.1.1.1 AppleExchangeWebServices/287.4.1+Mail/3445.8.2

 

If anyone has any suggestions they would be greatly appreciated. If additional information is required please let me know.

 

Your using string tolower in the irule but want it to match against uppercase... AppleExchangeWebServices.

 

Could you test it with lowercases?

 

Cheers,

 

Kees

 

Hi,

as defined here: https://developers.whatismybrowser.com/useragents/explore/operating_system_name/mac-os-x/

mac os user agent seems to (don't take care about version):

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7

when HTTP_REQUEST {

set useragent [HTTP::header value User-Agent]
set tolower_useragent [string tolower [HTTP::header value User-Agent]]


if {$useragent contains "Mac OS X" or $tolower_useragent contains "mac os x"} {
    log local0. "User Agent Info: $useragent - $tolower_useragent"
    reject
}

}

If it'w not working can you test the following irule (with regex for blank space):

when HTTP_REQUEST {

set useragent [HTTP::header value User-Agent]

if {$useragent matches_regex {.*(?i)mac.os.x.*} } {
    log local0. "User Agent Info: $useragent"
    reject
}

}

Hope it help you, keep me in touch if it's working.

regards