F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

computerli's avatar
computerli
Icon for Altostratus rankAltostratus
Dec 11, 2018

Block specific URI

I am trying to block a URI using iRule. I want to block only the URI listed on my uri-notallowed_data_group which do not match the network_allowed_data_group   I created two data groups   uri-...
application delivery
LTM
gscholz_370150's avatar
gscholz_370150
Icon for Nimbostratus rankNimbostratus
Dec 11, 2018

For simplicity I tested your iRule without the IP address check, and in my environment on v13.1.1.2 it works fine. I logged not only the URI, but also how it got converted.

This is the iRule:

when HTTP_REQUEST {
    if {[class match [string tolower [HTTP::uri]] equals uri-notallowed_data_group]} {
        log local0. "Rejected Connection [HTTP::uri], converted [string tolower [HTTP::uri]]"
        reject
    }
}

And this is the outcome in /var/log/ltm:

Dec 11 17:54:57 f5-c info tmm3[11373]: Rule /Common/irule_uriblock : Rejected Connection /ABC/login?returnurl=/abc, converted /abc/login?returnurl=/abc