Forum Discussion

Nimbostratus

Sep 07, 2017

Custom Attack Signature to block request with No UA or Referer

I want to be able to check and see if the request is missing both the User-Agent String and the Referer, and possibly block the request. So I know I can do this with an iRule, but I am wanting to tr...

Cirrostratus

Sep 07, 2017

Hi Mike,

I think configuring mandatory headers will be help. Please find the below link.

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/29.htmlunique_2103859402

Mike_Maher

Nimbostratus

Sep 11, 2017

Thanks for the suggestion, I had not thought about that and it is an interesting solution. The site I am working with is very dynamic and that list may be difficult to maintain. I do appreciate the feed back though, and I am going to keep that iRule idea in my back pocket as it may work well for other solutions in the future.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)