For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

darrenclegg_199's avatar
darrenclegg_199
Icon for Nimbostratus rankNimbostratus
Sep 09, 2011

Access restriction to certain URLs

I have a simple iRule to only allow certain URLs access(see below)

 

 

when HTTP_REQUEST

 

{ if { not ([string tolower [HTTP::host]] eq "www.domain.com") }{

 

drop

 

HTTP::respond 200 content \ "Wrong URL entered Access not allowed" "Content-Type" "text/html" } }

 

 

I want to allow other URLs within the same iRule e.g www.domain1.com, www.domain2.com.

 

 

Can anyone help?
application delivery
dev
devops
iRules

8 Replies

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Sep 09, 2011
    The iRule that you have created is a literal compare, so the other domains should not be blocked by this iRule.

     

     

    Did you need to just allow them through or did you need to route them to different server pools? If you just want to allow them through then you can use the iRule like you have it. If you need to route each different [HTTP::host] then you will need to make a few additions (I would suggest using a switch statement).
  • Eddy_20831's avatar
    Eddy_20831
    Icon for Nimbostratus rankNimbostratus
    Oct 18, 2012

    Michael,

     

    This worked fine.

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] starts_with "/xyz" } {

     

    HTTP::redirect "http://[getfield [HTTP::host] ":" 1]/"

     

    }

     

    }

     

     

    However, How do I use this to point to a group of URIs.

     

    thanks,

     

  • SSHSSH_97332's avatar
    SSHSSH_97332
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2012
    You Can create a data group that contains all of the needed URIs then use the data group inside the IRule
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Oct 19, 2012
    e.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { [class match -- [string tolower [HTTP::uri]] starts_with redirect_class] } {
      HTTP::redirect "http://[getfield [HTTP::host] ":" 1]/"
   }
}
}
[root@ve10:Active] config  b class redirect_class list
class redirect_class {
   {
      "/123"
      "/abc"
      "/xyz"
   }
}
[root@ve10:Active] config  curl -I http://172.28.19.79/abc/something
HTTP/1.0 302 Found
Location: http://172.28.19.79/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0