Forum Discussion

ccraddock_33000's avatar
ccraddock_33000
Icon for Nimbostratus rankNimbostratus
Jan 29, 2018

How to block HTTP/S requests to a VIP if the URI contains certain path

DevCentral,

I am having a hard time writing an irule that blocks/drops HTTP/S requests to a VIP if the URI contains the following: javax.faces.resource/dynamiccontent.properties.xhtml

I have written the irule as such but the F5 keeps stating "01070151:3: Rule [/Common/irule_block_javax] error: /Common/irule_block_javax:6: error: [command is not valid in the current scope][}]"

when HTTP_REQUEST { 
   if { [string tolower [HTTP::path]] contains "/javax.faces.resource/dynamiccontent.properties.xhtml" } { 
         discard 
      }
   }
}

Can anyone tell me what im doing wrong? Thanks.

BIG-IP
iRules
security
  • MvdG's avatar
    MvdG
    Icon for Cirrus rankCirrus
    Jan 29, 2018

    Hi,

     

    Why use an iRule?

     

    Can't you use a LTM Policy attached to the VS?

     

    A LTM Policy let's you define rules to adjust behavior of the VS. If the path contains this value, just reset the traffic.

     

    Go to Local Traffic -> Policies -> Policy List and create a new policy.

     

    In the policy add a new rule (give it a name) and do the following:

     

    HTTP URI Path contains your path, Reset Traffic.

     

    Regards, Martijn.

     

    • MvdG's avatar
      MvdG
      Icon for Cirrus rankCirrus
      Jan 29, 2018

      Hi,

       

      I have add some more information in my answer.

       

      Do not forget to attached the LTM policy to the VS in the Resources tab of the Virtual Server.

       

      Hopes this helps

       

      Martijn.

       

    • ccraddock_33000's avatar
      ccraddock_33000
      Icon for Nimbostratus rankNimbostratus
      Jan 29, 2018

      Martijn,

      I was having issues with the "Actions" portion so I went back to the irule and fixed it. The error I was getting "01070151:3: Rule [/Common/irule_block_javax] error: /Common/irule_block_javax:6: error: [command is not valid in the current scope][}]" was stating that in line 6 I had one too many curly braces. I deleted the curly brace in line 6 and the irule now looks like this and is working:

      when HTTP_REQUEST { 
   if { [string tolower [HTTP::uri]] contains "/javax.faces.resource/dynamiccontent.properties.xhtml" } { 
         discard 
      }
}

      Thanks for your help.

  • Martijn_144688's avatar
    Martijn_144688
    Icon for Cirrostratus rankCirrostratus
    Jan 29, 2018

    Hi,

     

    Why use an iRule?

     

    Can't you use a LTM Policy attached to the VS?

     

    A LTM Policy let's you define rules to adjust behavior of the VS. If the path contains this value, just reset the traffic.

     

    Go to Local Traffic -> Policies -> Policy List and create a new policy.

     

    In the policy add a new rule (give it a name) and do the following:

     

    HTTP URI Path contains your path, Reset Traffic.

     

    Regards, Martijn.

     

    • Martijn_144688's avatar
      Martijn_144688
      Icon for Cirrostratus rankCirrostratus
      Jan 29, 2018

      Hi,

       

      I have add some more information in my answer.

       

      Do not forget to attached the LTM policy to the VS in the Resources tab of the Virtual Server.

       

      Hopes this helps

       

      Martijn.

       

    • ccraddock_33000's avatar
      ccraddock_33000
      Icon for Nimbostratus rankNimbostratus
      Jan 29, 2018

      Martijn,

      I was having issues with the "Actions" portion so I went back to the irule and fixed it. The error I was getting "01070151:3: Rule [/Common/irule_block_javax] error: /Common/irule_block_javax:6: error: [command is not valid in the current scope][}]" was stating that in line 6 I had one too many curly braces. I deleted the curly brace in line 6 and the irule now looks like this and is working:

      when HTTP_REQUEST { 
   if { [string tolower [HTTP::uri]] contains "/javax.faces.resource/dynamiccontent.properties.xhtml" } { 
         discard 
      }
}

      Thanks for your help.