For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ashu_Aggarwal's avatar
Ashu_Aggarwal
Icon for Cirrus rankCirrus
Apr 02, 2020

i-rule to allow specific urls only

I have to configure a VS to allow only two urls & block everything else. for example https://mycompany.com/abc/* & https://mycompany.com/xyz/* should be allowed & everything else should be blocked. C...
application delivery
iRules
LTM
Ashu_Aggarwal's avatar
Ashu_Aggarwal
Icon for Cirrus rankCirrus
Apr 03, 2020

Thanks, but my request is to allow the two uris & dropped everything else. & in dropped request user get http:403 request forbidden.

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for Noctilucent rankNoctilucent
    Apr 06, 2020

     , try putting logging to see if you are capturing the right URI's.

    You can follow Samir's IRule and since you wanted 403, replace drop with respond 403.

    when HTTP_REQUEST { 
   if { !(([string tolower [HTTP::uri]] starts_with "/abc") or ([string tolower [HTTP::uri]] starts_with "/pqr")) } { 
     HTTP::respond 403 content "<html><body>Access Denied</body></html>" 
   } else {
   log local0. "client=[IP::client_addr] accessing - [HTTP::uri] which is allowed"
   }
}

    If you want to test before implementing, to make sure you are putting right actions, put logging first. Something like below,

    when HTTP_REQUEST { 
   if { !(([string tolower [HTTP::uri]] starts_with "/abc") or ([string tolower [HTTP::uri]] starts_with "/pqr")) } { 
     log local0. "client=[IP::client_addr] accessing - [HTTP::uri] which is to be blocked with a 403"
   } else {
   log local0. "client=[IP::client_addr] accessing - [HTTP::uri] which is allowed"
   }
}