Forum Discussion

Haroonh's avatar
Haroonh
Icon for Nimbostratus rankNimbostratus
Jun 20, 2020

Allowing access only to specified directories (HTTP::PATH) on hosts using IRULES

Hi Community,   I am a beginner in F5 and would like your help in achieving the following   would like to restrict the traffic to only to the following path(s)   http://hostname.mylab.co...
application delivery
iRules
LTM
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Jun 23, 2020

Cool. I can see what i did wrong:

when HTTP_REQUEST {
    if { [HTTP::host] == "hostname.mylab.com" } {
        switch -- [HTTP::path] {
            "/dir1" -
            "/dir2" -
            "/dir3" -
            "/dir4" { return }
            default { drop }
        }
    } else {
        drop
    }
}

otherwise, you can implement yours a bit differently:

when HTTP_REQUEST {
  set urls { "/dir1*" "/dir2*" "/dir3*" }
  if { (! [HTTP::host] eq "hostname.mylab.com") or ( ! [lsearch -glob -- $urls [HTTP::path]) } { 
    drop
  }
}

or if the number of URLs is likely to be a large number ( 20+ ) then you can put them into a datagroup and match against that.

You can also implement this in an LTM policy which would be more performant.

When testing this sort of thing it is a good idea with a range of tests for different urls and formats to check it works as expected, it is easy to find a corner case.