Haroonh
Jun 20, 2020

Allowing access only to specified directories (HTTP::PATH) on hosts using IRULES

Hi Community,

I am a beginner in F5 and would like your help in achieving the following.

I would like to restrict the traffic to only the following path(s):

http://hostname.mylab.com/dir1

http://hostname.mylab.com/dir2

http://hostname.mylab.com/dir3

http://hostname.mylab.com/dir4

Could you please tell me if the following iRule will work? If not, please help me in configuring this.

 

when HTTP_REQUEST {
    if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir1"))
      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir2"))
      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir3"))
      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir4")) } {
        # Allowed host and path: let the request through.
    } else {
        drop
    }
}

 

I really appreciate your help and support in this.

Kind Regards,

  • when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" -
                default { drop }
            }
        } else {
            drop
        }
    }
    • Haroonh

      Thanks Pete for the reply and your time, really appreciate it.

       

      I have tried your solution but it doesn't seem to work.

      I implemented the following, which went fine.

      when HTTP_REQUEST {
          if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir1"))
            or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir2"))
            or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir3"))
            or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir4")) } {
              # Allowed host and URI: let the request through.
          } else {
              drop
          }
      }

      Kind Regards,

  • Cool. I can see what I did wrong:

    when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" { return }
                default { drop }
            }
        } else {
            drop
        }
    }

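    Otherwise, you can implement yours a bit differently:

    when HTTP_REQUEST {
      set urls { "/dir1*" "/dir2*" "/dir3*" "/dir4*" }
      # lsearch -glob treats its last argument as the pattern, so each allowed
      # pattern is tested against the path with string match instead
      set allowed 0
      foreach url $urls {
        if { [string match $url [HTTP::path]] } { set allowed 1; break }
      }
      if { ([HTTP::host] ne "hostname.mylab.com") or (!$allowed) } {
        drop
      }
    }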

    Or if the number of URLs is likely to be a large number (20+), then you can put them into a datagroup and match against that.

    You can also implement this in an LTM policy which would be more performant.

    When testing this sort of thing, it is a good idea to use a range of tests for different URLs and formats to check it works as expected; it is easy to find a corner case.
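
Added example (not part of the thread, and not F5 code): a plain Tcl script for tclsh that models the three matching strategies discussed above (exact `HTTP::path`, `contains` on `HTTP::uri`, glob prefix) and prints how each treats a set of constructed URIs. The proc names, the `dir_or_below` variant and the test URIs are assumptions made for this illustration.

```tcl
# Plain Tcl (tclsh), not an iRule: each proc models one matching strategy
# from the thread, taking the value HTTP::path or HTTP::uri would return.
set allowed {/dir1 /dir2 /dir3 /dir4}

# Exact match, as in the switch on HTTP::path.
proc exact_path {path} {
    global allowed
    return [expr {[lsearch -exact $allowed $path] >= 0}]
}

# Substring match anywhere in the URI, modelling the iRules "contains" operator.
proc uri_contains {uri} {
    global allowed
    foreach dir $allowed {
        if {[string first $dir $uri] >= 0} { return 1 }
    }
    return 0
}

# Glob prefix match on the path, as in the "/dir1*" pattern list.
proc glob_prefix {path} {
    global allowed
    foreach dir $allowed {
        if {[string match "${dir}*" $path]} { return 1 }
    }
    return 0
}

# Hypothetical stricter variant: the directory itself or anything below it.
proc dir_or_below {path} {
    global allowed
    foreach dir $allowed {
        if {$path eq $dir || [string match "${dir}/*" $path]} { return 1 }
    }
    return 0
}

# Constructed test URIs (not from the thread).
set cases {/dir1 /dir1/ /dir1/index.html /dir1?id=7 /dir10/x /other?next=/dir2 /DIR1 /}

puts [format "%-22s %5s %8s %5s %6s" uri exact contains glob below]
foreach uri $cases {
    # HTTP::path is the URI without the query string.
    set path [lindex [split $uri ?] 0]
    puts [format "%-22s %5d %8d %5d %6d" $uri \
        [exact_path $path] [uri_contains $uri] [glob_prefix $path] [dir_or_below $path]]
}
```

Rows such as `/dir10/x` and `/other?next=/dir2` are where the columns disagree, which makes them the cases to include when testing an allowlist rule before deployment.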