Forum Discussion

minphonemyatthu's avatar
minphonemyatthu
Icon for Nimbostratus rankNimbostratus
Sep 19, 2018

Block from Certain URI Access with irule.

Hello All,

 

Please help me to write an irule for the following requirements. I have two accessible URL on a VIP ( and ) and want to block access from .

 

Is there another ways to block URL access except irule?

 

I was tried with many similar below rule, it wasn't worked for me.

 

when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/ologin" } { HTTP::respond 404 noserver return } }

 

Thanks

 

BIG-IP
iRules
security

3 Replies

  • PeteWhite's avatar
    PeteWhite
    Icon for Employee rankEmployee
    Sep 19, 2018

    You can block access using an LTM policy. This has rules in which you select URIs etc and is more performant than an iRule.

    Regarding your iRule, you seem to have used starts_with but the URI doesn't start with /ologin, it starts with //. Maybe use equals or ends_with instead:

    when HTTP_REQUEST { 
  if { [string tolower [HTTP::uri]] equals "//ologin" } { 
    HTTP::respond 404 noserver return 
  } 
}

    You can also use HTTP::path which may be a bit more accurate as it doesn't contain the query string.

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 20, 2018

    I guess this is a web service and you don’t try with a browser!

     

    If you try with a browser, string after is not sent to the server!

     

  • AlanTen's avatar
    AlanTen
    Icon for Altostratus rankAltostratus
    Sep 20, 2018

    I'm pretty sure '' is not a valid character for URI paths which is why, as Stanislas Piron mentioned, anything after the '' is not sent to the server.