terri8502
Mar 08, 2022Nimbostratus
Requesting Assist with iRule Please
Hi All, I have F5LTM version 16.1.2. I need to make an irule to stop NetSparker from scanning our web servers. I can identify them with the x_scanner variable in the header. I followed K31914583 w...
- Mar 09, 2022
Hi there,
The K31914583 article assumes that you have created a data group. In your example above that data group would be called Netsparker. Also is the header name x-scanner or x_scanner?
Seeing as you are only after one value I would not use the data group.
You can use an irule to do this for you such as below,
when HTTP_REQUEST { if { string tolower [HTTP::header "X-Scanner"]] contains "netsparker"] } { drop } }
or you may want to look at using a traffic policy to do this for you, something like this. You can also include additional actions such as logging to the policy.
Don't forget to apply the irule and/or policy to your VS, make sure you test this before applying to production traffic.
Good luck
Mark