Forum Discussion
izac_189977
Nimbostratus
NimbostratusiRule catches /
Hi all,
I'm trying to achieve the following
If a client requests a uri that is listed in the data group denied_uris
and the client ip is not from data group trusted_net
send a 403
Here is my...
izac_189977Nimbostratus
NimbostratusSorry guys the "!" in the first if was a left over, forgotten by me...
I corrected the rule
when HTTP_REQUEST {
if { [class match [string tolower [HTTP::uri]] starts_with denied_uris] } {
if { not ([class match [IP::client_addr] equals private_net]) } {
HTTP::respond 403 content "URL Blocked"
return
}
}
}
Now I can access www.domain.com and I get redirected by the webserver to www.domain.com/entry/index.html that's fine.
But now all uris in the denied_uris data group work from external
I tried your config @nitass, you're using starts_with I tried it in my setup and switched from equals but the denied_uris are reachable from external.
This is the only iRule applied to the the VS
