Forum Discussion

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Jun 03, 2023

domain blocking

Hello Dears i am trying block part of published url as show below : exmpale.com i want to block only access to exmaple.com/data_open/ anyone can help ? Best Regards
application delivery
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Jun 03, 2023

    Hi MustphaBassim , 
    Okay , it's not an issue to work with https application. 
    Some steps have to be existed before the irule: 
    1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
    2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
    3- Test your application prior to applying irule.
    4- Apply irule and test. 

    I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

    Keep me updated , maybe irule work with you after following the above 4 steps. 


Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Jun 03, 2023

Hi MustphaBassim , 

try this : 

when HTTP_REQUEST {
if { ([HTTP::host] eq "example.com") and ([HTTP::path] contains "/data_open") } {
drop
}
}

you can use "starts_with" instead of contains.


I recommend to mimic this by LTM policies , just follow the same irule logic to achieve that.

> Create a test virtual server , and test this irule on it if the test passes and give you the needed results apply it in the production virtual server. 

I hope this helps you 🙂