This is an old revision of the document!
HTTP Protocol Validation
- Only accept requests for the correct FQDN; deny or redirect anything else to protect your real server.
- Useful for filtering out HTTP (port 80) robot scans.
- Deny unacceptable HTTP methods.
- Deny incorrect HTTP versions.
Requirement
- Service Type: HTTP / HTTPS
Code
when HTTP_REQUEST {
    # Check method first: only GET and POST are accepted.
    if { !([HTTP::method] eq "GET" || [HTTP::method] eq "POST") } {
        log local0. "[IP::remote_addr]->[IP::local_addr]:[TCP::local_port] method wrong."
        HTTP::redirect "http://www.au.edu.tw"
        # Stop here: a second HTTP::redirect in the same event raises a Tcl error.
        return
    }

    # Check HTTP version: only 1.0 and 1.1 are accepted.
    if { !([HTTP::version] eq "1.0" || [HTTP::version] eq "1.1") } {
        log local0. "[IP::remote_addr]->[IP::local_addr]:[TCP::local_port] version wrong."
        HTTP::redirect "http://www.au.edu.tw"
        return
    }

    # Check FQDN: lower-case the Host header and drop any ":port" suffix.
    set host [getfield [string tolower [HTTP::host]] ":" 1]
    if { $host eq "www.jal.tw" } {
        # Exact match, so a host that merely embeds the name is not accepted.
        # Use the specific service group.
        pool www_service_group
    } elseif { $host eq "jal.tw" || $host ends_with ".jal.tw" } {
        # Do nothing; use the default service group.
    } else {
        log local0. "[IP::remote_addr]->[IP::local_addr]:[TCP::local_port] FQDN failed."
        HTTP::redirect "https://www.google.com"
    }
}
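
The FQDN check is only as strict as the string comparison applied to the Host header. The following is an added example, not part of the original page: a Python model of the three checks for testing Host values offline before changing the iRule. The function names and sample hosts are constructed for illustration; `jal.tw` and `www.jal.tw` come from the page.

```python
# Offline model of the page's checks (method, version, FQDN).
# All helper names and sample requests are constructed for this example.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_VERSIONS = {"1.0", "1.1"}
SITE = "jal.tw"
WWW = "www.jal.tw"

def loose_match(raw_host):
    """Substring / bare-suffix comparison on the raw Host header."""
    h = raw_host.lower()
    if WWW in h:
        return "pool"
    if h.endswith(SITE):
        return "default"
    return "reject"

def strict_match(raw_host):
    """Exact name, or a suffix anchored on a label boundary, port removed."""
    h = raw_host.lower().split(":", 1)[0]
    if h == WWW:
        return "pool"
    if h == SITE or h.endswith("." + SITE):
        return "default"
    return "reject"

def validate(method, version, raw_host, matcher=strict_match):
    """Return 'pool', 'default', or 'reject:<reason>' for one request."""
    if method not in ALLOWED_METHODS:
        return "reject:method"
    if version not in ALLOWED_VERSIONS:
        return "reject:version"
    verdict = matcher(raw_host)
    return "reject:fqdn" if verdict == "reject" else verdict

# Constructed sample requests: (method, version, Host header)
SAMPLES = [
    ("GET", "1.1", "www.jal.tw"),
    ("GET", "1.1", "WWW.JAL.TW:80"),
    ("POST", "1.0", "mail.jal.tw"),
    ("GET", "1.1", "www.jal.tw.example.net"),  # embeds the name only
    ("GET", "1.1", "notjal.tw"),               # shares the suffix only
    ("PUT", "1.1", "www.jal.tw"),
    ("GET", "0.9", "www.jal.tw"),
]

if __name__ == "__main__":
    for m, v, h in SAMPLES:
        print(f"{m:4} {v} {h:24} loose={validate(m, v, h, loose_match):14} "
              f"strict={validate(m, v, h)}")
```

Hosts where the two columns differ are the ones a substring or bare-suffix comparison would let through to the service group.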