nitass
May 27, 2014Employee
isn't this correct?
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
# iRule qux: rejects HTTP requests based on individual segments of the
# request path. The path is split on "/", so index 0 is the empty string
# before the leading slash and index 1 is the first real segment.
when HTTP_REQUEST {
# Debug line: writes the full URI of every request to local0 before any
# decision is made.
# NOTE(review): the URI is client-supplied and may carry query-string data;
# confirm this logging is wanted outside a test box.
log local0. "uri: [HTTP::uri]"
# Reject when segment 2 or segment 3 contains "control", or when segment 1
# contains "sql" and the client address does not match data group
# ss_allowed_address. The parentheses scope the address check to the "sql"
# test only; the two "control" tests apply to every client.
# Only segments 1 to 3 are inspected; deeper segments are not examined.
# NOTE(review): the match runs on the value returned by HTTP::path as is;
# presumably no case folding or percent-decoding happens before "contains".
# Confirm, and normalize the path first if this rule is relied on as an
# access control.
# NOTE(review): if ss_allowed_address holds no records, class match returns 0
# for every client and all "sql" requests are rejected.
if { ([lindex [split [HTTP::path] "/"] 2] contains "control") or \
([lindex [split [HTTP::path] "/"] 3] contains "control") or \
([lindex [split [HTTP::path] "/"] 1] contains "sql" and \
![class match [IP::client_addr] eq ss_allowed_address]) } {
reject
# The log command below still executes after reject within this event.
# It records segments 1 to 3 and the class match result. Inside the quoted
# string the "!" is literal text, so the entry reads "class: !0" or
# "class: !1", where the digit is the raw class match result, not its negation.
# NOTE(review): "reseult" is misspelled in the emitted message; log searches
# and alerts must match it as written.
log local0. "1: [lindex [split [HTTP::path] "/"] 1] \
2: [lindex [split [HTTP::path] "/"] 2] \
3: [lindex [split [HTTP::path] "/"] 3] \
class: ![class match [IP::client_addr] eq ss_allowed_address] \
reseult: reject"
}
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal ss_allowed_address
ltm data-group internal ss_allowed_address {
type ip
}
test
[root@ve11a:Active:In Sync] config tail -f /var/log/ltm
May 27 05:51:10 ve11a info tmm1[14715]: Rule /Common/qux : uri: /sql/controlA/controlB/something
May 27 05:51:10 ve11a info tmm1[14715]: Rule /Common/qux : 1: sql 2: controlA 3: controlB class: !0 reseult: reject