Forum Discussion
iRule and multiple switch-statements
The second switch will indeed not fire if there's a URI match, since that is doing an 'event disable'. So the logic presumes that the request does not match the URI in order to do a match on the host.
For giggles, try adding some logging and see what falls out:
    when HTTP_REQUEST {
        # Log the host seen on every request, before any matching is done.
        log local0. "host: [string tolower [HTTP::host]]"
        set RESPONSE "<html><title>404 - NOT FOUND</title><body>404 - not found</body></html>"
        # First check: the request URI.
        switch -glob [string tolower [HTTP::uri]] {
            "/someuri" -
            "/someuri/*" {
                log local0. "match URI: [string tolower [HTTP::uri]]"
                if { [matchclass [IP::client_addr] equals dg_blockthesehosts ] } {
                    HTTP::respond 404 -version auto content $RESPONSE noserver "Content-Type" "text/html;charset=utf-8"
                    TCP::close
                    event disable
                    return
                }
            }
        }
        # Second check: the Host header.
        switch [string tolower [HTTP::host]] {
            "host1.host.com" -
            "host2.host.com" {
                log local0. "match host: [string tolower [HTTP::host]]"
                if { [matchclass [IP::client_addr] equals dg_blockthesehosts ] } {
                    HTTP::respond 404 -version auto content $RESPONSE noserver "Content-Type" "text/html;charset=utf-8"
                    TCP::close
                    event disable
                    return
                }
            }
        }
    }
- shakalakka, Aug 22, 2022, Altostratus
I will try. That is correct, the URI and host-header matching will not happen on the same site, so the logic is something like this:
If you are a source-IP in dg_blockthesehosts:
Give a 404 if you try to access /someuri/*
OR:
if you try to access host1.host.com or host2.host.com.
They won't try to access host1.host.com/someuri.
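The "source IP in dg_blockthesehosts AND (URI match OR host match)" logic described in the post above, written as a single rule. This is an added example, not code from either poster. It assumes matching on `HTTP::path` and on the Host header with any port suffix stripped, which differs from the posted rule (that one matches `HTTP::uri` and the raw host); the variable names `path`, `host` and `blocked` are illustrative.

```tcl
when HTTP_REQUEST {
    # Only clients listed in the data group are subject to the block,
    # so test that once and let everyone else through untouched.
    if { ![class match [IP::client_addr] equals dg_blockthesehosts] } {
        return
    }

    # Normalize once. HTTP::path excludes the query string, so
    # "/someuri?x=1" still matches "/someuri". The Host header may carry
    # a port ("host1.host.com:443"), so keep only the name part.
    set path [string tolower [HTTP::path]]
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # URI match OR host match; either one is enough to block.
    set blocked 0
    switch -glob -- $path {
        "/someuri" -
        "/someuri/*" { set blocked 1 }
    }
    if { !$blocked } {
        switch -- $host {
            "host1.host.com" -
            "host2.host.com" { set blocked 1 }
        }
    }

    if { $blocked } {
        log local0. "blocked [IP::client_addr] host=$host path=$path"
        set RESPONSE "<html><title>404 - NOT FOUND</title><body>404 - not found</body></html>"
        HTTP::respond 404 -version auto content $RESPONSE noserver "Content-Type" "text/html;charset=utf-8"
        TCP::close
        event disable
        return
    }
}
```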