Forum Discussion
HTTP Policy
Hello,
I am attempting to write an HTTP Policy that validates several aspects (HOST HEADER & URI) of a request before forwarding on to the default pool. When I had single values the policy was working great; now that I've added multiple values I no longer get the desired outcome. When I apply the URI check it begins to RESET all traffic. The check of /status and the HOST HEADER work without issue.
Thanks!
ltm policy /QA/API_SERVICES {
    controls { forwarding }
    requires { http }
    rules {
        ALLOWED_SERVICES {
            actions {
                0 {
                    log
                    write
                    message "DENIED ACCESS TO WEB SERVICE"
                }
                1 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    http-uri
                    path
                    not
                    contains
                    values { /favorites/ /users/ } //ONLY PERMIT IF URI CONTAINS ONE OF THESE VALUES
                }
            }
            ordinal 3
        }
        DROP_STATUS_PAGES {
            actions {
                0 {
                    log
                    write
                    message "DENIED ACCESS TO STATUS PAGE"
                }
                1 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    http-uri
                    path
                    ends-with
                    values { /status } //BLOCK ACCESS TO STATUS PAGES
                }
            }
            ordinal 2
        }
        HOST_HEADER {
            actions {
                0 {
                    log
                    write
                    message "INCORRECT HOST HEADER"
                }
                1 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    not
                    values { service1.domain1.ca service2.domain1.ca } //DOES THE HOST HEADER CONTAIN EITHER OF THESE VALUES
                }
            }
            ordinal 1
        }
    }
    strategy /Common/first-match
}
So it is the first rule (ALLOWED_SERVICES) that fails? Can you give examples which fail? Because I see an odd "not" there. Also, the reset makes sense as it is also there.
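An added example, not part of the thread and not F5 code: a small Python model of the posted policy's intended logic, which produces the expected decision for a set of constructed requests so it can be compared against the policy's log messages. It assumes a negated multi-value condition is true only when none of the values match (the intent in the post's inline comments) and that a condition without a match type means "equals"; neither assumption is confirmed by the thread.

```python
# Added model of the posted policy's intended logic; not F5 code or tmsh output.
# Assumption: a negated condition with several values is true only when NONE
# of the values match (the intent stated in the post's inline comments).
MATCH = {
    "equals": lambda s, v: s == v,      # assumed default when no match type is given
    "ends-with": lambda s, v: s.endswith(v),
    "contains": lambda s, v: v in s,
}

# (ordinal, rule name, operand, match type, negated, values) copied from the post
RULES = [
    (3, "ALLOWED_SERVICES", "path", "contains", True, ["/favorites/", "/users/"]),
    (2, "DROP_STATUS_PAGES", "path", "ends-with", False, ["/status"]),
    (1, "HOST_HEADER", "host", "equals", True,
     ["service1.domain1.ca", "service2.domain1.ca"]),
]

def evaluate(host, path):
    """Return the rule that resets the request, or None if it is forwarded."""
    req = {"host": host, "path": path}
    for _, name, operand, kind, negated, values in sorted(RULES):  # first-match by ordinal
        hit = any(MATCH[kind](req[operand], v) for v in values)
        if hit != negated:  # plain rule fires on a hit, negated rule on no hit
            return name
    return None

# Constructed sample requests (host, path) to compare with the policy's log output.
SAMPLES = [
    ("service1.domain1.ca", "/api/users/42"),
    ("service2.domain1.ca", "/favorites/"),
    ("service1.domain1.ca", "/users"),         # no trailing slash, so no value matches
    ("service1.domain1.ca", "/users/status"),  # ordinal 2 fires before ordinal 3
    ("other.domain1.ca", "/users/42"),
    ("service1.domain1.ca", "/admin/users/"),  # "contains" matches anywhere in the path
]

def decision_table():
    return [(h, p, evaluate(h, p) or "forward") for h, p in SAMPLES]

if __name__ == "__main__":
    for host, path, outcome in decision_table():
        print(f"{host:22} {path:16} {outcome}")
```

A request whose real outcome differs from this table is the kind of failing example the reply asks for. The last sample shows that a "contains" allow-list also permits paths that merely include an allowed segment.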