Marcel_Jorba_62
Nimbostratus
Jul 26, 2011
How to block a specific URL
My setup is balancing 2 servers for all ports.
These servers host a web server.
I need to block a very specific URL on these servers, blocking it or forwarding the requesting user to another URL outside the load balancer. This second option has been my option, by means of an iRule.
An iRule like this should work for me:
```
when HTTP_REQUEST {
    # Redirect requests for the unwanted URI
    if { [HTTP::uri] equals "myurl" } {
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}
```
If I try to set this up, an HTTP profile is required.
If I select an HTTP profile, my application stops working (it also uses a non-HTTP port).
My questions:
a) Is there any other way to block a URL without iRules?
b) Any help with my iRules approach?
Thanks in advance
Marcel
4 Replies
- The_Bhattman
Nimbostratus
Hi Marcel,
Unfortunately you cannot block something that specific without an iRule, but you can build an iRule that hopefully is easier to update when you want to expand what you want to block.
A typical URI block would look something like the following:
Expanding this to include different URIs using the switch command
```
when HTTP_REQUEST {
    # The URI is lowercased, so every pattern must be lowercase too.
    # Add further paths to the list, each followed by "-".
    switch [string tolower [HTTP::uri]] {
        "/path1" -
        "/path2" -
        "/path3" -
        "/pathn" {
            drop
        }
    }
}
```
Taking this further, you may have an even larger list; you can use datagroups
```
# Data group listing the URIs to block (lowercase, to match the lowercased URI)
class blockthis {
    "/path1"
    "/path2"
}

when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::uri]] equals blockthis] } {
        drop
    }
}
```
This allows you to continue to add URIs you want to block. You can also replace "drop" with `HTTP::redirect "http://redirected.com/uri"`, which can be used to redirect the client instead of dropping the connection, or you can write up a sorry page response, for example:
```
HTTP::respond 200 content "We are sorry, but the site you are looking for is temporarily offline for services, please try back later
If you feel you have reached this page in error, please try again."
```
I hope this helps,
Bhattman
- Robert_Pagano_7
Nimbostratus
I hope it's not bad form to jump in here but I have a follow-up question to this discussion ...
In Bhattman's suggestion about using multiple patterns in a "switch" command, what would happen if the switch command could not match any of the patterns? Would it allow the connection to proceed? I've read up on the "switch" command and see that there is a "default" keyword so that you can specify what you want to happen if it can't find a match. But, what happens if you don't explicitly specify a "default" action? In my case, I want to drop (or reject?) the connection if the URI matches or contains any of three strings; otherwise, the connection should be allowed.
Thanks in advance for any guidance you can offer!
- Kevin_Stewart
Employee
While not expressly required, it's generally best practice to include the default option in a switch. In any case, you could probably do something like this:
```
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]] {
        "/foo*" -
        "/bar*" -
        "/test*" {
            reject
        }
        default {
            return
        }
    }
}
```
- Joe_5599_134300
Nimbostratus
What about if you have a subdirectory you only want to block? This iRule and others I have been testing with will also apply the reject to anything before the subdirectory. /test/appsite or /*/appsite1
I want to only block/reject the /appsite1 xyz.com/test/appsite1
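
For the subdirectory case in the last post, and the earlier question about what happens when no switch pattern matches, here is an added example that is not part of the original thread. It assumes the path to refuse is /test/appsite1 as written in that post, and that the virtual server has an HTTP profile attached.

```tcl
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so "/test/appsite1?x=1"
    # is still matched. Lowercase once so the patterns stay lowercase.
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/test/appsite1" -
        "/test/appsite1/*" {
            # Only this subdirectory and everything beneath it is refused.
            # /test, /test/other and /test/appsite10 do not match these
            # two patterns and fall through to default.
            log local0. "Blocked [IP::client_addr] requesting [HTTP::uri]"
            reject
        }
        default {
            # No pattern matched: take no action, so the request goes on
            # to the pool. Leaving this arm out gives the same result;
            # it is kept to make the allow path explicit.
            return
        }
    }
}
```

A single pattern "/test/appsite1*" would also catch sibling paths such as /test/appsite10, which is why the exact path and the "/*" form are listed separately.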
