For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Jun 03, 2023
Solved

domain blocking

Hello Dears

i am trying block part of published url as show below :

exmpale.com

i want to block only access to exmaple.com/data_open/

anyone can help ?

Best Regards

application delivery
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Jun 03, 2023

    Hi MustphaBassim , 
    Okay , it's not an issue to work with https application. 
    Some steps have to be existed before the irule: 
    1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
    2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
    3- Test your application prior to applying irule.
    4- Apply irule and test. 

    I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

    Keep me updated , maybe irule work with you after following the above 4 steps. 


9 Replies

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Jun 03, 2023

    Hi MustphaBassim , 

    try this : 

    when HTTP_REQUEST {
if { ([HTTP::host] eq "example.com") and ([HTTP::path] contains "/data_open") } {
drop
}
}

you can use "starts_with" instead of contains.


    I recommend to mimic this by LTM policies , just follow the same irule logic to achieve that.

    > Create a test virtual server , and test this irule on it if the test passes and give you the needed results apply it in the production virtual server. 

    I hope this helps you 🙂 

  • MustphaBassim's avatar
    MustphaBassim
    Icon for Cirrus rankCirrus
    Jun 03, 2023

    hello dear

    thnx for reply

    it is not work , i applied on virual seever

    some point to be conider i am applying ssl offloading on this virtual seever and the website working https not http

     

    bests

    • Mohamed_Ahmed_Kansoh's avatar
      Mohamed_Ahmed_Kansoh
      Icon for MVP rankMVP
      Jun 03, 2023

      Hi MustphaBassim , 
      Okay , it's not an issue to work with https application. 
      Some steps have to be existed before the irule: 
      1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
      2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
      3- Test your application prior to applying irule.
      4- Apply irule and test. 

      I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

      Keep me updated , maybe irule work with you after following the above 4 steps. 


      • MustphaBassim's avatar
        MustphaBassim
        Icon for Cirrus rankCirrus
        Jun 04, 2023

        Hello Dear

        I did the configruation as shown on picture when TabadulCert is our public certicate