Forum Discussion

Robert_Pagano_7's avatar
Robert_Pagano_7
Icon for Nimbostratus rankNimbostratus
May 30, 2013

deny access to certain URIs based on client source IP address and URI being accessed

I have been asked to deny access to a virtual server if ...   [1] the client is coming from a "non-private" (i.e. not RFC 1918) IP address   and   [2] the client is trying to access any one ...
application delivery
dev
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
May 31, 2013
The switch -glob syntax allows you to catch wildcard data, so if the user added a hash tag and some text at the end of the URI, the application would probably ignore it, but then so would your static evaluation. I would then recommend something like this:

 

 

switch -glob [string tolower [HTTP::uri]] {

 

"/blah-blah-blah*" -

 

"/system/yada-yada-yada?config=1&usertype=1&other-stuff=true*" -

 

"/system/yada-yada-yada?config=1&usertype=2&other-stuff=true*" { drop }

 

}

 

 

Just added the star "*" to the end of each URI to catch anything AFTER that string as well.