Forum Discussion
NimbostratusAllow access based on full url request
Hello,
I would like to make an iRule which drop connection when the remote hits a specific url.
I did the below iRule, which doesn't work because the HTTP:path doesn't contain the full requested url : https://example.com/rest/nameservice
From ltm log :
Rule /Common/Block_Allow_CR126400 : Access out if : /rest/nameServicE
Please let me know which method should I use to make a full match.
when HTTP_REQUEST { log local0. "Access out if [IP::client_addr] : [HTTP::path]" if { ( [ string tolower [HTTP::path]] equals "https://example.com/rest/nameservice" ) } then { log local0. "Access allowed inside IF from [IP::client_addr]" drop } }
Best Regards,
Csaba
Try this:
when HTTP_REQUEST { set url [HTTP::host][HTTP::uri] if{$url == "example.com/rest/nameservice"} TCP::close } when HTTP_RESPONSE { if{$url == "example.com/rest/nameservice"} HTTP::close }
5 Replies
PeteWhiteEmployee
when HTTP_REQUEST { log local0. "Access out if [IP::client_addr] : [HTTP::path]" if { ( [ string tolower [HTTP::path]] equals "/rest/nameservice" ) } then { log local0. "Access allowed inside IF from [IP::client_addr]" drop } }Use HTTP::host to get the host details. HTTP or HTTPS is based on the VS port.
Try this:
when HTTP_REQUEST { set url [HTTP::host][HTTP::uri] if{$url == "example.com/rest/nameservice"} TCP::close } when HTTP_RESPONSE { if{$url == "example.com/rest/nameservice"} HTTP::close }
Micros_88999Hello, original request : https://example.com/rest/nameservice HTTP:host : output example.com HTTP::uri : output /rest/nameservice so the output from log for [HTTP::host][HTTP::uri] : example.com/rest/nameservice- Yes.
- Micros_88999ok thanks it is working
