Forum Discussion
Vova_1985_18320
Nimbostratus
NimbostratusiRule based on domain
Hi im looking for a way to accept traffic with * expression, is it possible?
when HTTP_REQUEST {
if { [string tolower [HTTP::host]] eq "*.example.com*"} {
pool $HTTP_pool
} else {
HTTP::respond 403
}
}
Vova_1985_18320No actully this is the full iRule: Now i dont have syntax error, however its always send "err_connection_reset"
when RULE_INIT { set HTTP_pool MY_POOL_HTTP } when HTTP_REQUEST { if { [HTTP::header exists Origin] } { switch -glob ([string tolower [HTTP::header Origin]]) { "test.com" { pool $HTTP_pool } "test2.com" { pool $HTTP_pool } "test3.com" { pool $HTTP_pool } default { HTTP::respond 403 } } } }
PeteWhiteEmployee
OK, can you run 'tail -f /var/log/ltm' and show the output from there relevant to the irule when you test it.
- Vova_1985_18320
Nothing usefully, the errors related to irule is the last errors i had when the syntax was wrong.
May 28 14:10:53 ams-f501 err mcpd[8729]: 01070151:3: Rule [/Common/Origin] error: /Common/Origin:4: error: [parse error: missing close-brace][{ if { [HTTP::header exists Origin] } { switch -glob ([string tolower [HTTP::header Origin]]) { "*mydomain1.com" { pool $HTTP_pool } "*mydomain2.com" { pool $HTTP_pool } "*mydomain3.com" { pool $HTTP_pool } default { HTTP::respond 403 } } }] /Common/Origin:5: error: [command is not valid in the current scope][if { [HTTP::header exists Origin] } { switch -glob ([string tolower [HTTP::header Origin]]) { "*mydomain1.com" { pool $HTTP_pool } "*mydomain2.com" { pool $HTTP_pool } "*mydomain3.com" { pool $HTTP_pool } default { HTTP::respond 403 } } }] May 28 14:11:00 ams-f501 err mcpd[8729]: 01070151:3: Rule [/Common/Origin] error: /Common/Origin:4: error: [parse error: missing close-brace][{ if { [HTTP::header exists Origin] } { switch -glob ([string tolower [HTTP::header Origin]]) { "*mydomain1.com" { pool $HTTP_pool } "*mydomain2.com" { pool $HTTP_pool } "*mydomain3.com" { pool $HTTP_pool } default { HTTP::respond 403 } } }] /Common/Origin:5: error: [command is not valid in the current scope][if { [HTTP::header exists Origin] } { switch -glob ([string tolower [HTTP::header Origin]]) { "*mydomain1.com" { pool $HTTP_pool } "*mydomain2.com" { pool $HTTP_pool } "*mydomain3.com" { pool $HTTP_pool } default { HTTP::respond 403 } } }] May 28 14:18:44 ams-f501 notice mcpd[8729]: 01071682:5: Resuming log processing at this invocation; held 4 messages. May 28 14:18:44 ams-f501 notice mcpd[8729]: 01071682:5: SNMP_TRAP: Virtual /Common/TESTORIGIN has become unavailable - PeteWhite
I see the VS is down - Virtual /Common/TESTORIGIN has become unavailable
Maybe the reset is coming from the backend server, not from the LTM. Can you check whether it's up and if not then sort it out and try again.
If it's up and running then it's worth adding some debugging entries to the iRule to check what it's doing.
- Vova_1985_18320
No, this wasn't the problem. I ended with this one, and it works like a charm, thank you for the support:
when HTTP_REQUEST { set CORS_DOMAINS_REGEX ".(domain1.com|domain2.com)$" set HTTP_pool "mypool" if { [HTTP::header exists Origin] } { set origin_host [HTTP::header Origin] if { $origin_host matches_regex $CORS_DOMAINS_REGEX } { pool $HTTP_pool } else { HTTP::respond 403 } } else { pool $HTTP_pool } }