Forum Discussion
Yozzer
Nimbostratus
NimbostratusData Group List use in a switch
Hi
I have a Data Group list called allowed_urls that has a list of accepted urls which i want to use in an irule.
switch -glob [HTTP::uri] {
"*temp.txt" {
do...
Matt_Breedlove_Nimbostratus
NimbostratusI do something like this to do a two factor firewall type rule that includes a src ip whitelist chained to particular URI prefix's. I really like this and its not terrible to read/maintain and uses switch plus datagroups for the win
when HTTP_REQUEST {
switch -glob [URI::decode [string tolower [HTTP::uri]]] {
/customer1* { if { ([class match [IP::remote_addr] equals $::customer1_ip_whitelist]) } { return } }
/customer2* { if { ([class match [IP::remote_addr] equals $::customer2_ip_whitelist]) } { return } }
/customer3* { if { ([class match [IP::remote_addr] equals $::customer3_ip_whitelist]) } { return } }
default {
discard
}
}
HTTP::redirect "http://srypage.acme.com/sorry/nac/?hn=[HTTP::host][HTTP::uri]"
}
I suppose to just check the URI against the datagroup instead of the src ip, it could be changed inline for each condition
Hope this helps
Thanks
M