This iRule is strait forward, I am redirecting clients accessing a website using an older versions of IE to a browser friendly version. This is done by evaluating the HTTP request and identifying the browsers user-agent string. As part of the redirect the F5 presents a web page that informs the users their browser is unsupported instead of blindly redirecting them. It will auto redirect after a pre determined count down, this example is set for 15 seconds.
Disclaimer Microsoft does not make this easy, Compatibility modes and Document modes in IE can send a different user-agent string. For example IE 11 users running in Compatibility mode may still be redirected because their browser sends an MSIE 7.0 user-agent string. I am sure your could right variables that would check for compatibility in the user agent string, but iI chose not to.
Here is the iRule:
when RULE_INIT {
set static::refresh_time 15
set static::notification_page {
<html lang=\"en_US\">
<head><title>System Notification</title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=us-ascii\">
<meta http-equiv=\"CACHE-CONTROL\" content=\"NO-CACHE\">
<meta http-equiv=\"PRAGMA\" content=\"NO-CACHE\">
<meta http-equiv=\"refresh\" content=\"15;URL=http://myspace.com">
</head>
<body>
<h1>System Notification</h1>
<hr>
<p>You are using an unsupported browser and will be redirected to Myspace.com</p>
<p>Wait $static::refresh_time seconds to continue, or click <a href=\"http://myspace.com\">here to continue.</a></p>
</body>
</html>
}
}
when HTTP_REQUEST {
switch -glob [ string tolower [HTTP::header User-Agent]] {
"*msie 10.0*" -
"*msie 9.0*" -
"*msie 8.0*" -
"*msie 7.0*" -
"*msie 6.*" {
HTTP::respond 200 content [subst $static::notification_page] Mime-Type "text/html"
log local0. "Client IP:[IP::client_addr] has been redirected with user agent :[HTTP::header User-Agent]"
}
default {
# go to a default location if nothing matches
}
}
}
The iRule below was spawn from a request to block access to specific URIs on a website and only allow access from whitelisted IP networks and hosts.
In my first attempt I used concatenated OR statements which worked but was less sexy and probably less efficient then the switch I ended up using.
As for the Data List in this example it's named "AllowedIPDatalist." I created a network data list not because it was efficient, its not, I wanted to make it easier for co workers that didn't feel comfortable editing an iRule a place to enter Networks and Hosts in a format they where used to.
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"*/uri/sample1*" -
"*/uri/sample2*" -
"*/uri/sample3*" {
if { !([matchclass [IP::client_addr] equals AllowedIPDatalist])} {
reject
log local0. "Client IP Discard: \ [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
}
}
}
}
The Driftnet software is very strait forward and easy to install, it does get a little tricky to capture traffic if you are on a switched network. One way to capture traffic on a switched LAN is by deploying ARP poisoning, there are different ways to do this but ettercap and it’s GUI is probably the easiest.
Disclaimer... Do not do this on a network you do not own. There are network monitor systems that can identify computers performing ARP attacks on public networks this could be illegal. You are performing a man in the middle attack and all traffic will traverse your laptop for that network segment.
Now on to installing the tools. Using Ubuntu you can actually go to software install and update, make sure you allow all software sources and search for ettercap. Installing ettercap this way will install the GUI portion automatically, if you use apt-get it may not be in the repository.
Driftnet is even easier to install either use the software install and update tool or go to terminal window and type sudo apt-get install driftnet. Once everything is installed you are ready to start playing.
in driftnet all you have to do is type this:
sudo driftnet -i <interface>
and ti launch ettercap
sudo ettercap -G
then in the GUI
sniff—>unified sniffing (click ok on your interface and press Ctrl and s at the same time)
Mitm—>arp poisoning—->check sniff remote connection
start—>start sniffing
Thats it just wait for the other people to surf the web and pics will start showing up.
hope you guys like.
You Tube has revolutionized the web, and lucky for us part of that revolution has included the 10 hour YouTube video. I wanted to pick a couple favorites and luckily was able to narrow the list to just 191 videos.
I understand that not everyone has 239 days (don't worry those are 8 hr work days) to review these videos so I have decided to list my picks from best to worst.
1. Cantina Band - That's right Star Wars is hot right now and how can anyone not want to watch this video. I watched this video at work and some IT guy came by my desk and was like, " what the heck are you doing streaming all this video" when I showed him it was the Star Wars cantina band he was like " cool send me the link". So I did... https://youtu.be/FWO5Ai_a80M
2. Meow Mix - This video is a classic I mean it's a night club scene there are sick beats and cats, it is the perfect storm Internet video. The drop at 3:11:26 is dope well worth the wait. http://youtu.be/SbyZDq76T74
3. Nyan Cat - It's the internet so I needed to add another cat video so here it is. This video needs no explanation, come on it's crapping a rainbow. http://youtu.be/wZZ7oFKsKzY
4. Bees In The Trap - Samuel Jackson hits it out of the park with this one. It's kind of like listening to really good jazz, it's just smooth and mellow. Nice to see Samuel took another look at his acting career and made the move to music. He nailed this one. http://youtu.be/dh_7k2O5i7E
I understand that not everyone has 239 days (don't worry those are 8 hr work days) to review these videos so I have decided to list my picks from best to worst.
Here is a link to the remaining 187 videos http://www.youtube.com/playlist?list=PLE28CAB65DFFB5870