Forum Discussion
pkhatri_72515
Nimbostratus
NimbostratusHow permit part of the url access?
How to permit part of the url accessed by only few IP addresses using data group and part of the same url accessed by all?
for example
http://example.something.com/Part_one should be a...
The_BhattmanNimbostratus
NimbostratusHi PK,
There is some syntax errors and you don't need to use 'starts_with "/assets" ' and another comparison with 'eq "/assets" '. The same goes for the "claytonkb" comparisons.
when HTTP_REQEST {
set uri_path [string tolower [HTTP::uri]]
if {not ([matchclass [IP::client_addr] equals $::Calyton_allowed_IPs]) and ($uri_path starts_with "/claytonkb/") }
log local0. "Caught [HTTP::uri] from [IP::client_addr]"
HTTP::redirect "http://static.bla.com/403.htm"
return
} elseif { ($uri_path starts_with "/assets") } {
pool acr.blah.com_http
}
}
As you can see you don't need 2 comparisons with the same path, because in your example you have already used "starts_with" which covers the different permutations of "assets" and "claytonkb"
or another way to write this up usin the SWITCH command.
when HTTP_REQUEST {
switch -glob [string tolower[HTTP::uri]] {
"/claytonkb*" -
"/assets*" {
if {not [matchclass [IP::client_addr] equals $::Calyton_allowed_IPs] }{
log local0. "Caught [HTTP::uri] from [IP::client_addr]"
HTTP::redirect "http://static.bla.com/403.htm"
return
}
pool acr.blah.com_http
}
}
}
The switch commands is suppose to be lower overhead, but I don't think in your case you will see remarkable improvement, but it does scale better.
