Forum Discussion
Brett__01_13258
Nimbostratus
Nimbostratus2 http request rules merge to one - one referer the other set access only
Hi I have two rules that work individually. But when i try and combine get no luck and just redirects everything to the default location.
The first rule is to only allow the uri path in the irule,...
Brett__01_13258Nimbostratus
NimbostratusThanks for the reply guys and they got me wondering if i was doing the best way.
Now going to accept all except the part of the url i dont want to give access and use cookies as the allowed access.
So have decided to go with two other rules instead and will merge these together.
Is this a better way to go?
when HTTP_REQUEST {
Check for referer
if { ([HTTP::header Referer] starts_with "http://allowsite.com") } {
log local0. "Our referer is - [URI::host [HTTP::header Referer]]"
Check for cookie
if { not ( [HTTP::cookie value ACCESS-AUTHORIZED] contains "Go1234") } {
log local0. "Does a cookie exist? [HTTP::cookie exists IMHERE-COOKIE] ...Lets set a cookie"
set ckname " ACCESS-AUTHORIZED "
set ckvalue "Go1234"
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue "mysite.com.au"]
set cookie [format "%s=%s; path=/; expires=[clock format [expr {[clock seconds]+300}] -format "%a, %d %h %Y %T GMT" -gmt true]; domain=%s" $ckname $ckvalue "mysite.com.au"]
HTTP::respond 302 Location "https://mysite.com.au/ /correctlocation" "Set-Cookie" $cookie
} else {
log local0. "Cookie already exists"
pool POOL_TheCorrectPool-80
}
} elseif { ( [HTTP::cookie value ACCESS-AUTHORIZED] contains "Go1234") } {
log local0. "We already have a cookie..."
pool POOL_TheCorrectPool-80
} else {
log local0. "No Cookie...whoops"
HTTP::redirect "https://notauthorized.com/"
}
}
2nd rule
when HTTP_REQUEST {
log local0. "uri is [HTTP::uri]"
switch -glob -- [string tolower [HTTP::uri]] {
"*admin*" {
HTTP::respond 200 content { The URL you requested is incorrect. For other information, please contact IT Administrator @ 999999 }
log local0. "Request from [IP::client_addr] for [HTTP::uri] has been rejected."
}
}
}