Forum Discussion
NimbostratusHow to create a Policy to block websites
Hi Guys,
Question to ask.
I have a VS configured and accessible externally on my F5. An A record has been crated of X.X.X.X to www.mydomain.co.uk and that works perfectly fine.
The problem is there is a couple websites hosted on the back end server:
www.mydomain.co.uk/owa www.mydomain.co.uk/autodiscovery www.mydomain.co.uk/etc . . . and so on...
I would like to create a Policy which will check the URI and if it's /owa for example I would like to drop it but for everything else allow it.
Is that doable at all?
Thanks, Dom
8 Replies
eneRCirrostratus
Hey, my suggest:
when HTTP_REQUEST { if { [HTTP::uri] equals "/owa"] } { drop } }
Domel_163525Hello there,
I do have an iRule in place:
when HTTP_REQUEST { if { [ class match [string tolower [HTTP::uri]] contains allowed_uris ] } { Stop processing the iRule for this event here return } else { drop } }
class allowed_uris { "/site1/" "/site2/" "/site3/*" }
But was wondering if the same can be achieved with a simple policy?
- Domel_163525
If it's not doable can I actually redirect to another URL if "/owa" is typed in by using iRule?
- Domel_163525
Probably silly question but not very good in coding iRules...
What am I missing here:
when HTTP_REQUEST { if { [ class match [string tolower [HTTP::uri]] contains web-exchange-external-datagroup ] } { Stop processing the iRule for this event here return } elseif {[HTTP::uri] equals "/owa"] } { HTTP::respond 301 Location "https://mynewurl.co.uk" } }
- eneRWhat does not work? Or is it working but not as expected? Maybe you want to append the uri to your new location url? { HTTP::respond 301 Location "https://mynewurl.co.uk[HTTP::uri]" }
- Domel_163525
The iRule could not even be saved on BIG-IP as the code was incorrect.
I have used this one and it works fine now:
when HTTP_REQUEST { if { [HTTP::uri] equals "/owa" } { HTTP::respond 301 Location "https://mynewurl.co.uk" } elseif { [ class match [string tolower [HTTP::uri]] contains web-exchange-external-datagroup ] } { return} else { drop} }
Thanks for your help.
P.S. how do I make my iRule to appear in a table (like yours) when I reply here?
- eneR
when HTTP_REQUEST { if { [HTTP::uri] equals "/owa" } { HTTP::respond 301 Location "https://mynewurl.co.uk" } elseif { [ class match [string tolower [HTTP::uri]] contains web-exchange-external-datagroup ] } { return} else { drop}}Like this? I always write the irule in notepad++ or f5irule editor and copy it.
And in the devcentral answer field I press on the fourth icon (Performatted Code) and paste my code in.
But sometimes i still have to add some space characters here or tab's there .. 😄 
Stanislas_Piro2Cumulonimbus
There is a "how to format" link on the top right corner...
I don't see any error on the code:
when HTTP_REQUEST { if { [HTTP::uri] equals "/owa" } { HTTP::respond 301 Location "https://mynewurl.co.uk" } elseif { [ class match [string tolower [HTTP::uri]] contains web-exchange-external-datagroup ] } { return } else { drop} }But in your first request, you wanted to do it with a policy...
you can create a local traffic policy to do the same:
- requires : http
- controls : forwarding
- Strategy : first-match
- rule 1:
- condition : http-uri path starts_with /owa
- action : http-reply redirect Location : "https://mynewurl.co.uk"
- rule 2:
- condition : http-uri path starts_with /autodiscovery /etc ...
- action : none
- rule 3:
- condition : none
- action : forward reset
