For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

maximillean_953's avatar
maximillean_953
Icon for Nimbostratus rankNimbostratus
May 27, 2014

i write with not it applies true

when HTTP_REQUEST { if { ([lindex [split [HTTP::path] "/"] 2] contains "control" ) or ( [lindex [split [HTTP::path] "/"] 3] contains "control" ) or ( [lindex [split [HTTP::path] "/"] 1] contain...
application delivery
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
May 27, 2014

isn't this correct?

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  log local0. "uri: [HTTP::uri]"
  if { ([lindex [split [HTTP::path] "/"] 2] contains "control") or \
    ([lindex [split [HTTP::path] "/"] 3] contains "control") or \
    ([lindex [split [HTTP::path] "/"] 1] contains "sql" and \
    ![class match [IP::client_addr] eq ss_allowed_address]) } {
    reject
    log local0. "1: [lindex [split [HTTP::path] "/"] 1] \
      2: [lindex [split [HTTP::path] "/"] 2] \
      3: [lindex [split [HTTP::path] "/"] 3] \
      class: ![class match [IP::client_addr] eq ss_allowed_address] \
      reseult: reject"
  }
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal ss_allowed_address
ltm data-group internal ss_allowed_address {
    type ip
}

 test

[root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
May 27 05:51:10 ve11a info tmm1[14715]: Rule /Common/qux : uri: /sql/controlA/controlB/something
May 27 05:51:10 ve11a info tmm1[14715]: Rule /Common/qux : 1: sql  2: controlA  3: controlB  class: !0  reseult: reject