Forum Discussion
Dropping connections after a specific part of URI
Hi There,
I need help to write an iRule that will drop the request for any request after this uri:
/xyz/web/apx/ pass this request but anything after that uri need to drop the request ( drop /xyz/web/apx/*)
tried this but it is not working:
when HTTP_REQUEST {
if { [HTTP::uri] contains "/xyz/web/apx/*" } {
drop
}
}
Thank you in advance
Hi AbuAhmad,
I missed something sorry. Could you please try below one:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/xyz/web/apx/" && not ([HTTP::uri] equals "/xyz/web/apx/") } { drop } }
- oguzyCirrostratus
Hi AbuAhmad,
If the uri starts with /xyz/web/apx then you can use the following irule:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/xyz/web/apx/" } { drop } }
Otherwise your irule is almost correct. Just remove the asteriks at the end of the uri.
Have a nice day.
- AbuAhmadNimbostratus
Thank you Oguzy for the quick response,
I tried this before but it drops the connection that I need to keep:
https://host.name.com/xyz/web/apx/ << need this to still function including the "/" at the end but anything after that "/" should be dropped.
Thats why I tried the "/*" as wildcard at the end as I don't have list of all the directories that comes after that but need to block all of them.
Any ideas will be highly appreciated.
- oguzyCirrostratus
Hi AbuAhmad,
I missed something sorry. Could you please try below one:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/xyz/web/apx/" && not ([HTTP::uri] equals "/xyz/web/apx/") } { drop } }
- AbuAhmadNimbostratus
Thank you Oguzy so much for your help, this one worked as requested. I added to it "HTTP::respond 403" instead of "drop" to give a meaningful message.
The client came back saying they can't block everyone passed apx/ :(
So I am going to use data groups to block certain directories until they provide the full list.
Thanks again for the help Oguzy.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com