Forum Discussion
Aziz-90s
Altocumulus
Altocumulusirule block uri for external users when url has special characters such as $
Hi all I've tried an irule on VIP for the website example to block the uri for external users only example /_api/$metadata I need to block this path /_api/$metadata so what I tried is When HTTP_...
Hi Aziz,
Two things that I noticed in the iRule;
1. there is no space between equals"example"} - although I suspect this is just an edit error for the question here, I thought I'd mention it, just in case... 😉
2. "/_api/$metadata" - are you referring an iRule variable or is this part of the actual URI? If it is a variable, where is it exactly declared? If part of the URI, the iRule will probably think it's a variable and interpret as such. To avoid this behaviour, try putting a backslash in front of it to clearly tell the iRule to take is as its literal value. ( "/_api/\$metadata" )
If the above two things didn't help, did you see any messages in the ltm log? (/var/log/ltm) and what is the behaviour when connecting from inside a private net or outside? Lastly, any chance of any proxies in between that are always hiding behind an outside address?
Regarding Local Traffic Policies; yes, they are brilliant and often a great replacement for basic iRules (...but iRules are still awesome!). I think your example might indeed be a good one for an LTP. Have a look here: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/local-traffic-policies-getting-started-12-1-0/1.html but also just give it a go in the F5 GUI and you'll be able to figure it out quickly. (go to Local Traffic - Policies - Create new policy)
Hope one of these tips helps.
Alex
Hi Alex
Thanks for replying
The /_api/$metadata is part of uri,
also I forgot to mention that I did a little research about special characters in uri
and it turns out that we could somehow avoid or resolve this issue by using a syntax Set_encode something like that
have u hear any thing like this.
I'll try ur suggestions & reply back
much appreciated
AlexBCT
Cumulonimbus
CumulonimbusHi Aziz,
Two things that I noticed in the iRule;
1. there is no space between equals"example"} - although I suspect this is just an edit error for the question here, I thought I'd mention it, just in case... 😉
2. "/_api/$metadata" - are you referring an iRule variable or is this part of the actual URI? If it is a variable, where is it exactly declared? If part of the URI, the iRule will probably think it's a variable and interpret as such. To avoid this behaviour, try putting a backslash in front of it to clearly tell the iRule to take is as its literal value. ( "/_api/\$metadata" )
If the above two things didn't help, did you see any messages in the ltm log? (/var/log/ltm) and what is the behaviour when connecting from inside a private net or outside? Lastly, any chance of any proxies in between that are always hiding behind an outside address?
Regarding Local Traffic Policies; yes, they are brilliant and often a great replacement for basic iRules (...but iRules are still awesome!). I think your example might indeed be a good one for an LTP. Have a look here: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/local-traffic-policies-getting-started-12-1-0/1.html but also just give it a go in the F5 GUI and you'll be able to figure it out quickly. (go to Local Traffic - Policies - Create new policy)
Hope one of these tips helps.
Alex
Aziz-90sHi Alex
Thanks for replying
The /_api/$metadata is part of uri,
also I forgot to mention that I did a little research about special characters in uri
and it turns out that we could somehow avoid or resolve this issue by using a syntax Set_encode something like that
have u hear any thing like this.
I'll try ur suggestions & reply back
much appreciated
