Forum Discussion
jba3126
Jun 21, 2018Cirrus
I have the following iRule that at least the browser detection is working; however I'm uncertain as to how to test the tcp_rst action.
when BOTDEFENSE_ACTION {
if { [BOTDEFENSE::action] eq "browser_challenge" || [BOTDEFENSE::action] eq "tcp_rst" } {
set log "BOTDEFENSE:"
set hsl [HSL::open -proto TCP -pool /Common/HSL-Syslog]
append log " source [IP::remote_addr]"
append log " vs [virtual]"
append log " host [HTTP::host]"
append log " uri [HTTP::uri]"
append log " cs_possible [BOTDEFENSE::cs_possible]"
append log " cs_allowed [BOTDEFENSE::cs_allowed]"
append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
append log " cookie_status [BOTDEFENSE::cookie_status]"
append log " cookie_age [BOTDEFENSE::cookie_age]"
append log " device_id [BOTDEFENSE::device_id]"
append log " captcha_status [BOTDEFENSE::captcha_status]"
append log " captcha_age [BOTDEFENSE::captcha_age]"
append log " default action [BOTDEFENSE::action]"
append log " reason \"[BOTDEFENSE::reason]\""
Remove comment on line below if you want to see bot defense logs in /var/log/ltm
log local0. $log
HSL::send $hsl $log
}
}
/jeff