Fastidious
Jun 21, 2024Altostratus
Help with iRule
Good day all!
I have the following iRule:
when HTTP_REQUEST {
if { ([HTTP::host] eq "lists.example.com") and ([HTTP::uri] eq "/cgi-bin/wa?INDEX" || [HTTP::uri] eq "/cgi-bin/wa?MOD" || [HTTP::uri] eq "/cgi-bin/wa?SYSCFG" || [HTTP::uri] eq "/cgi-bin/wa?OWNER" || [HTTP::uri] eq "/cgi-bin/wa?INDEX=" || [HTTP::uri] eq "/cgi-bin/wa?LOGON" || [HTTP::uri] eq "/cgi-bin/wa?LOGON=INDEX" || [HTTP::uri] eq "/cgi-bin/wa?LOGON=" || [HTTP::uri] eq "/cgi-bin/wa?ADMINDASH" || [HTTP::uri] eq "/cgi-bin/wa?LSTCR1") } {
switch -glob [class match [IP::client_addr] eq "LISTSERV-TST_Allowed_IPs"] {
"1" {
return
}
default {
HTTP::redirect "https://www.google.com/"
}
}
}
else {
return
}
}
As you can see, it is inefficient, and it doesn't account for all possibilities. Let me explain what I am aiming.
If an `HTTP_REQUEST` comes to "lists.example.com" (`[HTTP::host]`), and the URI (`[HTTP::uri]`) isn't "/cgi-bin/wa?SUBEDIT1*" (that is, "cgi-bin/wa?SUBEDIT1", and anything after it), redirect it unless it is from an IP on the "LISTSERV-TST_Allowed_IPs", in which case, allow anything on the URI and continue to it.
What would you do?
You can negate that second IF as well to avoid the else
when HTTP_REQUEST priority 500 { if { (![class match -- [IP::client_addr] eq "LISTSERV-TST_Allowed_IPs"]) && !(([HTTP::host] eq "lists.example.com") && ([HTTP::uri] matches_glob "/cgi-bin/wa?SUBEDIT1*")) } { HTTP::redirect "https://www.google.com" } }