Forum Discussion

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Jun 03, 2023

domain blocking

Hello Dears

i am trying block part of published url as show below :

exmpale.com

i want to block only access to exmaple.com/data_open/

anyone can help ?

Best Regards

application delivery
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Jun 03, 2023

    Hi MustphaBassim , 
    Okay , it's not an issue to work with https application. 
    Some steps have to be existed before the irule: 
    1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
    2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
    3- Test your application prior to applying irule.
    4- Apply irule and test. 

    I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

    Keep me updated , maybe irule work with you after following the above 4 steps. 


  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Jun 03, 2023

    Hi MustphaBassim , 

    try this : 

    when HTTP_REQUEST {
if { ([HTTP::host] eq "example.com") and ([HTTP::path] contains "/data_open") } {
drop
}
}

you can use "starts_with" instead of contains.


    I recommend to mimic this by LTM policies , just follow the same irule logic to achieve that.

    > Create a test virtual server , and test this irule on it if the test passes and give you the needed results apply it in the production virtual server. 

    I hope this helps you 🙂 

  • MustphaBassim's avatar
    MustphaBassim
    Icon for Cirrus rankCirrus
    Jun 03, 2023

    hello dear

    thnx for reply

    it is not work , i applied on virual seever

    some point to be conider i am applying ssl offloading on this virtual seever and the website working https not http

     

    bests

    • Mohamed_Ahmed_Kansoh's avatar
      Mohamed_Ahmed_Kansoh
      Icon for MVP rankMVP
      Jun 03, 2023

      Hi MustphaBassim , 
      Okay , it's not an issue to work with https application. 
      Some steps have to be existed before the irule: 
      1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
      2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
      3- Test your application prior to applying irule.
      4- Apply irule and test. 

      I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

      Keep me updated , maybe irule work with you after following the above 4 steps. 


      • TerryRobinson's avatar
        TerryRobinson
        Icon for Nimbostratus rankNimbostratus
        Jun 14, 2023

        I want to know the steps and you made my day. Thank you sir.