Forum Discussion
arjun_ankathil_
Nimbostratus
NimbostratusHTTP traffic deny - not working.
A request for test.test.com/BluePortServlets/PaymentPortal on HTTP was requested to be dropped , Configured below iRule and applied to VS , however traffic is still reached.
rule test_payment_rule
when HTTP_request { if {TCP::local_port != 443 and [HTTP::uri] contains "BluePortServlets/PaymentPortal" }{
drop }
Also tcpdump output shows POST messages being used to get to BluePortServlets/PaymentPortal
Can someone please advice on how to drop traffic this HTTP requested.
5 Replies
hoolioCirrostratus
Hi Arjun,
Are you applying this iRule to a port 80 HTTP VIP? If so, can you try this?when HTTP_REQUEST { log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]" if {[HTTP::path] contains "BluePortServlets/PaymentPortal" }{ log local0. "[IP::client_addr]:[TCP::client_port]: Dropping request to [HTTP::uri]" drop } }
Once you're done testing, you can comment out the debug logging.
Aaron
arjun_ankathil_Hi Aaron,
This didn't work . also
log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri] is giving a syntax error.- arjun_ankathil_Hi Aaron,
This did n't work , Also log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri] shows syntax error. - hoolioSorry, somehow I had HTTP_REQUEST listed as HTTP_request. Can you try the edited example above?
Thanks, Aaron - arjun_ankathil_Thanks Aaron, my bad , didn't think about that ..
the logs indicate the GET request being dropped. but the user is directly doing a HTTP POST which still gets thru. Any idea on this ?
Rule test_payment_drop : 10.201.49.150:4666: Dropping request to /BluePortServlets/PaymentPortal
tcpdump output
140242.291066167.210.219.37170.225.49.239HTTPPOST /BluePortServlets/PaymentPortal HTTP/
.
