My security people want me to drop connections if an HTTP header, like PISA_ID, is coming from a client. I don't need to look into the header, just drop the connection if the header is there. Any suggestion to solve this will be welcome. I am running version 4.2.7.
Sorry for that. I overlooked something in the documentation. The policy has to have a serverfarm associated with it. So if you create a dummy serverfarm with some IP address that the CSM cannot reach, it should start working as expected. See my modified example below:
map DROP-PISA_ROLE header
match protocol http header ROLE header-value *
no nat client
nat client NAT
virtual 192.168.180.91 tcp www
Let me know if this does the trick for you.