AbuAhmad
Aug 05, 2021

Dropping connections after a specific part of URI

Hi There,

I need help writing an iRule that will drop any request after this URI:

/xyz/web/apx/ pass this request, but anything after that URI needs to be dropped (drop /xyz/web/apx/*).

I tried this but it is not working:

when HTTP_REQUEST {
  if { [HTTP::uri] contains "/xyz/web/apx/*" } {
     drop
  }
}

Thank you in advance

  • oguzy

    Hi AbuAhmad,

    If the URI starts with /xyz/web/apx then you can use the following iRule:

    when HTTP_REQUEST {
      if { [HTTP::uri] starts_with "/xyz/web/apx/" } {
         drop
      }
    }

    Otherwise your iRule is almost correct. Just remove the asterisk at the end of the URI.

    Have a nice day.

  • Thank you Oguzy for the quick response,

    I tried this before but it drops the connection that I need to keep:

    https://host.name.com/xyz/web/apx/ << need this to still function including the "/" at the end but anything after that "/" should be dropped.

    That's why I tried the "/*" as a wildcard at the end, as I don't have a list of all the directories that come after that but need to block all of them.

    Any ideas will be highly appreciated.

    • oguzy

      Hi AbuAhmad,

      I missed something, sorry. Could you please try the one below:

      when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/xyz/web/apx/" && not ([HTTP::uri] equals "/xyz/web/apx/") } {
           drop
        }
      }
  • Thank you Oguzy so much for your help, this one worked as requested. I added to it "HTTP::respond 403" instead of "drop" to give a meaningful message.

    The client came back saying they can't block everyone past apx/ :(

    So I am going to use data groups to block certain directories until they provide the full list.

    Thanks again for the help Oguzy.
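
The data-group approach mentioned in the last post could look like the iRule below. This is an added example, not code posted by anyone in the thread. The data group name apx_blocked_dirs_dg and its sample entry are assumptions; it is taken to be a string data group of lower-case path prefixes. It matches on HTTP::path rather than HTTP::uri so that a query string on the landing page does not change the result.

```tcl
# Added example, not from the thread.
# Assumption: a string data group named apx_blocked_dirs_dg (hypothetical)
# exists and holds lower-case path prefixes such as "/xyz/web/apx/reports/".
when HTTP_REQUEST {
    # HTTP::uri is path plus query string; HTTP::path is the path only, so
    # "/xyz/web/apx/?lang=en" is compared here as "/xyz/web/apx/".
    # Lower-casing makes the comparison independent of letter case.
    set path [string tolower [HTTP::path]]

    # Requests outside the protected prefix are not touched by this rule.
    if { not ($path starts_with "/xyz/web/apx/") } {
        return
    }

    # The landing URI itself must keep working, including the trailing "/".
    if { $path equals "/xyz/web/apx/" } {
        return
    }

    # Refuse only the directories listed in the data group. The entries are
    # prefixes, so everything beneath a listed directory is refused as well.
    if { [class match $path starts_with apx_blocked_dirs_dg] } {
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
        return
    }

    # Anything else under /xyz/web/apx/ is still allowed at this stage.
    # Once the full directory list is known, replacing the class match
    # condition with an unconditional 403 gives the block-everything rule
    # that worked earlier in the thread.
}
```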