Forum Discussion
CirrostratusiRule and Data group URI wildcard matching not working
CirrusI think you want to check if you URI "start with" something, so I would use :
starts_with
if { not ([HTTP::uri] starts_with DG2-ALLOWED-URIs]) } {Let me know if it's OK for you.
CirrostratusAdded the "starts_with" and still same thing, no good. Is it better to call the URIs and wildcard within the irule or from a data group?
For example, i am trying to go to the URL below.
I have /APP1/* in the data group, so the irule should allow me to come in if i match the /APP1 and anything beyond that.
HTTPS://mysite.com/APP1/home.html
Thanks!
- ldesfosses
In the datagroup, you should have : /APP1/ , not /APP1/*.
Regarding the if it's better to call the URIs in the iRule or a datagroup, IMO, it depend on how many times the URIs will be added or removed and the number of entry.
For just 3 that will never change, I would do it in the iRule, because it'll easiest for some persons to maintain. If you have a lot of URIs and it'll change, I'll do it in a data group, it'll be easy to just add/remove stuff from the data group for an untrained technician.
- ant77
Thanks!
Do you have an example of this irule if want to call it within the irule and not use the URI data group?
Would it look something like this?
class allowedURIs {
“/APP1/“
“/APP2/“
“/APP3/“
}
when HTTP_REQUEST {
if [class match [IP::client_addr] equals DG1-BLOCKED-SUBNETS] {
if { not ( [HTTP::uri] starts_with $::allowedURIs) ] } {
reject
}
}
}
- ldesfosses
if { not ([HTTP::uri] starts_with "/APP1/" or "/APP2" ) } { #Do Something }I don't have a BigIP right now to test, but this is how I see it.
- ant77
Thank you!
- ldesfosses
It's working ?
