Forum Discussion

computerli
Dec 11, 2018

Block specific URI

I am trying to block a URI using an iRule. I want to block only the URIs listed in my uri-notallowed_data_group which do not match the network_allowed_data_group.

I created two data groups:

uri-notallowed_data_group

    /abc/login?returnurl=/abc
    /abc/
    /abc

network_allowed_data_group

    192.168.0.0/16

iRule:

    when HTTP_REQUEST {
        if {[class match [string tolower [HTTP::uri]] equals uri-notallowed_data_group] and not [class match [IP::client_addr] equals network_allowed_data_group]} {
            log local0. "Dropped Connection [HTTP::uri]"
            drop
        }
    }

The iRule is blocking /abc/, /abc, and the URI when it is entered in lower case.

The issue is that the page loads if the address has capital letters, e.g. https://www.xyz.com/Abc/Login?ReturnUrl=/Abc

Any idea why the URI is not being converted to lower case even though I am using string tolower [HTTP::uri]?

  • For simplicity I tested your iRule without the IP address check, and in my environment on v13.1.1.2 it works fine. I logged not only the URI, but also how it got converted.

    This is the iRule:

    when HTTP_REQUEST {
        if {[class match [string tolower [HTTP::uri]] equals uri-notallowed_data_group]} {
            log local0. "Rejected Connection [HTTP::uri], converted [string tolower [HTTP::uri]]"
            reject
        }
    }
    

    And this is the outcome in /var/log/ltm:

    Dec 11 17:54:57 f5-c info tmm3[11373]: Rule /Common/irule_uriblock : Rejected Connection /ABC/login?returnurl=/abc, converted /abc/login?returnurl=/abc
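The reply above logs only the URI half of the condition. As an added example (not part of the original thread), the following diagnostic variant of the question's iRule evaluates both halves separately and logs each result, so /var/log/ltm shows whether the URI match or the client-network match decided the outcome. The variable names are assumptions; the data group names and commands are the ones used in the thread.

```tcl
when HTTP_REQUEST {
    # Evaluate each half of the original condition once and keep the result,
    # so the log line shows exactly what the rule compared.
    set uri_lc      [string tolower [HTTP::uri]]
    set uri_denied  [class match $uri_lc equals uri-notallowed_data_group]
    set net_allowed [class match [IP::client_addr] equals network_allowed_data_group]

    # One line per request: original URI, lowercased URI, and both match results (1 or 0).
    log local0. "uri=[HTTP::uri] lower=$uri_lc uri_denied=$uri_denied client=[IP::client_addr] net_allowed=$net_allowed"

    # Same decision as the original rule: drop only when the URI is on the
    # deny list and the client is outside the allowed network.
    if { $uri_denied && !$net_allowed } {
        log local0. "Dropped Connection [HTTP::uri]"
        drop
    }
}
```

A request that loads despite a deny-listed URI will show either `uri_denied=0` (the lowercased string is not an exact member of the data group) or `net_allowed=1` (the client address the BIG-IP sees falls inside 192.168.0.0/16).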