Sunday, October 31, 2010

Writing an F5 iRule to block traffic by user-agent

So, the F5's can do all kinds of swoopy things using the iRule scripting language. I've been playing around with simple ones.

Suppose I want to block all the traffic from a certain robot that advertises itself as having the user-agent field "AnnoyingRobot". I could use an iRule like this to block it:
when HTTP_REQUEST {
if { [HTTP::header "User-Agent"] contains "AnnoyingRobot" } {
drop
return }
}

The "contains" operator looks for a substring, so it'll catch "AnnoyingRobot/4.5" and "AnotherAnnoyingRobotButDifferent/mozilla".

The next step would be to have it search against a list of user-agents. The way to do this is with a "class" or "datagroup" (the terms appear to be interchangeable in F5-speak). So you can use the GUI to create a "string" type datagroup named "userAgentsToBlock" that contains:
AnnoyingRobot
RegisCustomUseragent
OtherStuffWeBlock

and then change the rule to be like this:
when HTTP_REQUEST {
if { [matchclass [HTTP::header "User-Agent"] contains $::userAgentsToBlock ] } {
drop
return }
}

Then apply that iRule to a given virtual server, and you're all set to drop traffic from user-agents you don't like.

No comments:

Post a Comment

Followers

About Me

My Photo
Regis has worked as a network engineer since 1994 for small companies and for large companies.