For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Haroonh's avatar
Haroonh
Icon for Nimbostratus rankNimbostratus
Jun 20, 2020

Allowing access only to specified directories (HTTP::PATH) on hosts using IRULES

Hi Community,   I am a beginner in F5 and would like your help in achieving the following   would like to restrict the traffic to only to the following path(s)   http://hostname.mylab.co...
application delivery
iRules
LTM
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Jun 23, 2020

Cool. I can see what i did wrong:

when HTTP_REQUEST {
    if { [HTTP::host] == "hostname.mylab.com" } {
        switch -- [HTTP::path] {
            "/dir1" -
            "/dir2" -
            "/dir3" -
            "/dir4" { return }
            default { drop }
        }
    } else {
        drop
    }
}

otherwise, you can implement yours a bit differently:

when HTTP_REQUEST {
  set urls { "/dir1*" "/dir2*" "/dir3*" }
  if { (! [HTTP::host] eq "hostname.mylab.com") or ( ! [lsearch -glob -- $urls [HTTP::path]) } { 
    drop
  }
}

or if the number of URLs is likely to be a large number ( 20+ ) then you can put them into a datagroup and match against that.

You can also implement this in an LTM policy which would be more performant.

When testing this sort of thing it is a good idea with a range of tests for different urls and formats to check it works as expected, it is easy to find a corner case.