Forum Discussion
Marcel_Jorba_62
Jul 26, 2011Nimbostratus
How to block a specific URL
My setup is balancing 2 servers for all ports.
These servers host a web server
I need to block a very specific URL on these servers, blocking it or forwarding the requester user to an other URL outside the load balancer. This second option has been my option by means of an irule.
An iRule like this should work for me:
when HTTP_REQUEST { if { [HTTP::uri] equals "myurl"} { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
If I try to setup this, an http profile is required.
If I select an http profile, my application stops working (It uses also non http port)
My questions:
a) Is there any other way to block an URL without iRules?
b) Any help with my iRules approach?
Thanks in advance
Marcel
- The_BhattmanNimbostratusHi Marcel,
Expanding this to include different URIs using the switch command when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/path1" - "/path2" - "/path3" - . . . "/PathN" { drop } } }
class blockthis { "/path1" "/Path2" } when HTTP_REQUEST { if {[class match [string tolower [HTTP::uri]] equals blockthis } { drop }
I hope this helps,
- Robert_Pagano_7NimbostratusI hope it's not bad form to jump in here but I have a follow-up question to this discussion ...
- Kevin_StewartEmployeeWhile not expressly required, it's generally best practice to include the default option in a switch. In any case, you could probably do something like this:
when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/foo*" - "/bar*" - "/test*" { reject } default { return } } }
- Joe_5599_134300Nimbostratus
What about if you have a subdirectory you only want to block? This irule and others I have been testing with will also apply the reject to anything before the sub directory. /test/appsite or /*/appsite1
I want to only block/reject the /appsite1 xyz.com/test/appsite1
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects