
Forum Discussion

minnoce944
Jun 24, 2014

denying access except for specific domains and paths

Hi, I have requirements to lock down specific domains and paths unless they are valid. This VIP has multiple domain names pointing at it, so I'm trying to cover all possible conditions. I have something I've put together, but I wanted to see if this can be done more elegantly / more efficiently.

Condition 1: domain can be anything except img.domain.com but has to start with /path1/, otherwise issue a 403

Condition 2: domain has to be img.domain.com and start with /path2/, otherwise issue a 403

Condition 3: domain has to be img.domain.com and start with /path3/, otherwise issue a 403

Here is what I've come up with so far:

when HTTP_REQUEST {
    # Any host other than img.domain.com: only /path1/ is allowed
    if { not ([string tolower [HTTP::uri]] starts_with "/path1/") and not ([string tolower [HTTP::host]] eq "img.domain.com") } {
        HTTP::respond 403
        return
    }
    # img.domain.com: only /path2/ and /path3/ are allowed
    if { not (([string tolower [HTTP::uri]] starts_with "/path2/") or ([string tolower [HTTP::uri]] starts_with "/path3/")) and ([string tolower [HTTP::host]] eq "img.domain.com") } {
        HTTP::respond 403
    }
}

Thanks

2 Replies

  • Here's another option:

    when HTTP_REQUEST {
        switch [string tolower [HTTP::host]] {
            "img.domain.com" {
                switch -glob [string tolower [HTTP::uri]] {
                    "/path2/*" -
                    "/path3/*" {
                        return
                    }
                    default {
                        HTTP::respond 403
                    }
                }
            } 
            default {
                if { not ( [string tolower [HTTP::uri]] starts_with "/path1/" ) } {
                    HTTP::respond 403
                } else {
                    return
                }
            }
        }
    }
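
The same policy in table-driven form, as an added example that is not part of either post above. It goes slightly beyond the thread by normalising the Host header (case and `:port` suffix), matching on `HTTP::path` so the query string is ignored, and logging each denial; the variable names and the log line format are assumptions.

```tcl
when HTTP_REQUEST {
    # Normalise the Host header: lower-case it and drop any ":port" suffix,
    # so "IMG.domain.com:443" is evaluated as "img.domain.com".
    # (Assumes host names; an IPv6 literal falls through to the default branch.)
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path is the request path without the query string.
    set path [string tolower [HTTP::path]]

    # Allowed path prefixes per host; "default" covers every other
    # domain name that points at this virtual server.
    switch -- $host {
        "img.domain.com" { set allowed {/path2/ /path3/} }
        default          { set allowed {/path1/} }
    }

    # Default deny: permit only when one allowed prefix matches.
    set permit 0
    foreach prefix $allowed {
        if { $path starts_with $prefix } {
            set permit 1
            break
        }
    }

    if { !$permit } {
        # Record the raw header values so denials can be reviewed later.
        log local0. "403 host=[HTTP::host] uri=[HTTP::uri] client=[IP::client_addr]"
        HTTP::respond 403
        return
    }
}
```

Adding a host or a prefix is then a one-line change in the `switch`, and anything not listed stays denied.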