Forum Discussion
iRule - Block part of a query
- Dec 13, 2022
Hello PG0581 ,
this code should work, and it's exactly how I would build the iRule too.Any reason why you're using "string tolower"? Remember that in this case, your datagroup should be all lowercase characters in order to match.
In my lab, this code is working indeed
I would check profiles on your VS .. you need HTTP profile to parse [HTTP::query] info, and if this HTTPS traffic you also need a clientSSL profile in order to see unencrypted data.
I also tried modifying the iRule to use "contains" rather than "eq", but no luck there either:
when HTTP_REQUEST {
if { [class match [string tolower [HTTP::query]] contains data-group-1] }{
log local0. "Denied query: [IP::client_addr] - [HTTP::query]"
reject
}
}
- CA_ValliDec 13, 2022MVP
Hello PG0581 ,
this code should work, and it's exactly how I would build the iRule too.Any reason why you're using "string tolower"? Remember that in this case, your datagroup should be all lowercase characters in order to match.
In my lab, this code is working indeed
I would check profiles on your VS .. you need HTTP profile to parse [HTTP::query] info, and if this HTTPS traffic you also need a clientSSL profile in order to see unencrypted data.
- PG0581Dec 15, 2022Cirrus
Hi CA_Valli ,
Thanks for testing this. I have typically always used "string tolower", but what I did not realize or had not noticed is the string in the data-group needs to be lowercase as well. Makes total sense! The string in my data-group is not all in lowercase, so I will fix that.
- CA_ValliDec 15, 2022MVP
Happy to help!
I typically use that syntax if I need to normalize some data, but with URI's /login and /LOGIN would be two different pages and you might have unexpected matches..
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com