Forum Discussion
Block uri iRule review....Pls
Hello, I just have a simple requirement, i.e. to allow only certain URIs. I just want to check whether the iRule below will do the trick and not cause any problems...
===========================================================================
when HTTP_REQUEST {
if { [class match [HTTP::uri] ne "allowed_uris"] }
{
drop
}
}
===========================================================================
And I create a data group called "allow_uri's" with /sales, /reports, /data.
Will the above iRule block www.abc.com/sales/1quarter/check? since I did not specify the second part of the URI... Should I also add "/sales/1quarter/check?" to the data group or just add "/sales/*"?
What are the pros and cons of using drop vs reject? I know reject sends a notification back saying invalid request.
Thank you.
1 Reply
Hello,
To get the URI part without the query string, you should use HTTP::path instead.
The drop and discard commands cause the client to time out because nothing is sent to the client.
reject sends a TCP reset to the client.
When using HTTP/HTTPS, I prefer to answer with an HTTP error instead of a TCP action.
And I would recommend using starts_with or contains instead of ne for the condition in the class match.
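The suggestions in the reply above, put together as an added example that is not part of the original post or the reply. It assumes a string data group named allowed_uris holding lowercase entries without a trailing slash (/sales, /reports, /data), and it adds a path-boundary check so that a prefix match on /sales does not also admit a sibling such as /salesforce.

```tcl
when HTTP_REQUEST {
    # Match on the path only, so the query string cannot influence the decision.
    # Lowercasing assumes the data group entries are stored in lowercase.
    set path [string tolower [HTTP::path]]

    # With -name, class match returns the data group entry that is a prefix
    # of the path, or an empty string when no entry matches.
    set prefix [class match -name -- $path starts_with allowed_uris]

    if { $prefix ne "" } {
        # Allow the entry itself ("/sales") and anything beneath it
        # ("/sales/1quarter/check"), but not "/salesforce".
        set next [string index $path [string length $prefix]]
        if { $next eq "" || $next eq "/" } {
            return
        }
    }

    # Answer with an HTTP error rather than a TCP-level drop or reject,
    # so the client gets an explicit response and the denial is visible in logs.
    HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain" "Connection" "close"
}
```

With this rule, www.abc.com/sales/1quarter/check is allowed without listing the full path or a /sales/* wildcard in the data group.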
