Forum Discussion

Brian_10565's avatar
Brian_10565
Icon for Nimbostratus rankNimbostratus
Sep 27, 2011

HTTP_REQUEST not triggered

Forgive the irule-newbie, I've searched for this and not found the answer to my problem. I am implementing a very simple irule:

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "CFIDE" } {

 

drop

 

}

 

}

 

 

 

 

This is a resource on a virtual server that also involves SSL offloading at the Big-IP. I even replaced the irule with this code just to see if it would log something and it doesn't.

 

 

 

when HTTP_REQUEST {

 

log local0.info "HTTP:

 

 

  • Hi Brain,

    Try this out and see if it works for you.

    I added in [string tolower[HTTP::uri]] so that your compare is in a known state (the URI Portion of a URL is case sensitive, so it is a good habit to get into to take account for it).

    I also added in a logging statement, so if it finds a qualifying event it will log it into the /var/log/ltm log along with the Client IP Address.

    
    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/cfide" } {
    log local0. "Blocking access to "/CFIDE".  Traffic dropped from [IP::client_addr]"
    drop
    }
    }
    

    Hope this helps.
  • Thanks, Michael, for getting back to me and I've added in your code with one minor correction for a double-quote. I wish I could report that the event was now firing but sadly, it still isnt. Could it have anything to do with the SSL decryption that has to occur via the offload (e.g., it hasnt decrypted the request so it doesnt see the GET for CFIDE)?
  • OK, I tested it with another vs and it worked as expected. Further investigation revealed that there were actually two VS' created for two IPs on that system and I was only working on the one IP. Once I added it to the 2nd VS (the right one), it worked as expected. Thanks for taking the time to assist.