Help with a firewall rule

Tried lots of thing but nothing seems to work.

I need to Block access to URL1, URL2 and URL3 to people using this useragent “Symfony BrowserKit” , from the following coutries: Country1, Country2, and also to people using useragent “Symfony BrowserKit” from the following ASN: 123, 124, 125.

Can this be done in one single expression?

This is what doesn’t work

(http.request.uri eq “URL1”) or (http.request.uri eq “URL2”) or (http.request.uri eq “URL3” and http.user_agent eq “Symfony BrowserKit” and ip.geoip.country in {“CN” “KP”} and ip.geoip.asnum in {123 124 125})

Thanks!

Assuming you do not want to filter for specific hostnames you wouldn’t need http.request.uri but http.request.uri.path would work better and offer the in operator. In that case the following should do the trick

http.user_agent eq "Symfony BrowserKit" and (ip.geoip.asnum in {123 124 125} or (http.request.uri.path in {"/path1" "/path2"} and ip.geoip.country in {"CN" "KP"}))

Tried this and it only follows the last two rules. It will not consider the specific useragent and ASN. basically it applies the rule to any useragent and any ASN.

What I need is to block access to URL1 and URL2 to everyone using a specific useragent and is in a specific set of countries and also is in a specific set of ASN.

Considering there is an AND this rule will only first for the specified user agent. If it does not you won’t have set it up properly.

Post a screenshot of what you configured.

So it should be countries, ASN, and path? That was not what you originally asked.

In that case simply replace the OR with an AND.

Yes thanks. Apparently “AND” on every line works. Wasn’t sure how to use Or and AND

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.