Forum Discussion
I think you want to check if you URI "start with" something, so I would use :
starts_with
if { not ([HTTP::uri] starts_with DG2-ALLOWED-URIs]) } {
Let me know if it's OK for you.
- ant77Apr 10, 2020Cirrostratus
Added the "starts_with" and still same thing, no good. Is it better to call the URIs and wildcard within the irule or from a data group?
For example, i am trying to go to the URL below.
I have /APP1/* in the data group, so the irule should allow me to come in if i match the /APP1 and anything beyond that.
HTTPS://mysite.com/APP1/home.html
Thanks!
- ldesfossesApr 10, 2020Cirrus
In the datagroup, you should have : /APP1/ , not /APP1/*.
Regarding the if it's better to call the URIs in the iRule or a datagroup, IMO, it depend on how many times the URIs will be added or removed and the number of entry.
For just 3 that will never change, I would do it in the iRule, because it'll easiest for some persons to maintain. If you have a lot of URIs and it'll change, I'll do it in a data group, it'll be easy to just add/remove stuff from the data group for an untrained technician.
- ldesfossesApr 10, 2020Cirrus
if { not ([HTTP::uri] starts_with "/APP1/" or "/APP2" ) } { #Do Something }
I don't have a BigIP right now to test, but this is how I see it.
- ant77Apr 10, 2020Cirrostratus
Thanks!
Do you have an example of this irule if want to call it within the irule and not use the URI data group?
Would it look something like this?
class allowedURIs {
“/APP1/“
“/APP2/“
“/APP3/“
}
when HTTP_REQUEST {
if [class match [IP::client_addr] equals DG1-BLOCKED-SUBNETS] {
if { not ( [HTTP::uri] starts_with $::allowedURIs) ] } {
reject
}
}
}