For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Yozzer's avatar
Yozzer
Icon for Nimbostratus rankNimbostratus
Jun 03, 2011

Data Group List use in a switch

Hi     I have a Data Group list called allowed_urls that has a list of accepted urls which i want to use in an irule.       switch -glob [HTTP::uri] {   "*temp.txt" {   do...
application delivery
dev
devops
iRules
Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
Jun 07, 2011
I do something like this to do a two factor firewall type rule that includes a src ip whitelist chained to particular URI prefix's. I really like this and its not terrible to read/maintain and uses switch plus datagroups for the win


when HTTP_REQUEST {
   switch -glob [URI::decode [string tolower [HTTP::uri]]] {
      /customer1* { if { ([class match [IP::remote_addr] equals $::customer1_ip_whitelist]) } { return } }   
      /customer2* { if { ([class match [IP::remote_addr] equals $::customer2_ip_whitelist]) } { return } }   
      /customer3* { if { ([class match [IP::remote_addr] equals $::customer3_ip_whitelist]) } { return } }   
      default {
         discard
      }
   }
   HTTP::redirect "http://srypage.acme.com/sorry/nac/?hn=[HTTP::host][HTTP::uri]"
}
I suppose to just check the URI against the datagroup instead of the src ip, it could be changed inline for each condition
Hope this helps
Thanks
M