Posted By Puli on 01/11/2011 10:10 AM
Thanks. We use Big-IP 9.4.6 Build 401.0.
Appreciate your reply. I'll do some load tests on it and see if there's any impact on performance.
Thanks again.
Puli.
Need to use "matchclass" instead of "class match" then.
    when RULE_INIT {
        # Default amount of request payload to collect (in bytes)
        # v9.x global variable; the static:: namespace only exists in v10 and later
        set ::collect_length 2048
    }
    when HTTP_REQUEST {
        # Only check POST requests
        if { [HTTP::method] eq "POST" } {
            # Check for a non-existent Content-Length header
            if {[HTTP::header Content-Length] eq ""}{
                # Use default collect length of 2k for POSTs without a Content-Length header
                set collect_length $::collect_length
            } elseif {[HTTP::header Content-Length] == 0}{
                # Don't try to collect a payload if there isn't one
                # -nocomplain avoids a Tcl error when the variable was never set on this connection
                unset -nocomplain collect_length
            } elseif {[HTTP::header Content-Length] > $::collect_length}{
                # Use default collect length
                set collect_length $::collect_length
            } else {
                # Collect the actual payload length
                set collect_length [HTTP::header Content-Length]
            }
            # If the POST Content-Length isn't 0, collect (a portion of) the payload
            if {[info exists collect_length]}{
                # Trigger collection of the request payload
                HTTP::collect $collect_length
            }
        }
    }
    when HTTP_REQUEST_DATA {
        # Reject the request if the collected payload contains any string in the data group
        # v9.x references a data group as $::name
        if { [matchclass [HTTP::payload] contains $::dg_blocked] }{
            HTTP::respond 403 content "Blocked"
        }
    }