For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Domai's avatar
Domai
Icon for Altostratus rankAltostratus
Sep 14, 2016

iRule check data data group assist

Hello I need help with an iRule if possible. I am trying to accomplish 2 things. 1. Redirect if the url is abc.com to abc.com/login.jsp 2. Check if the uri is part of data group and allow.

So far I have 

1 when HTTP_REQUEST {
    if { [HTTP::uri] equals "/" } {
        HTTP::redirect "https://abc.com/login.jsp"
    }
}

2. when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::path]] starts_with allow_uri_list] } {
    pool allow_pool_80
    }
    else {
Log the request for testing from client
log local0. "rejected request for [HTTP::path] from [IP::client_addr]"
HTTP::respond 200 content "Please check the URL and try again."
reject
    }
}`text`

How do I club both of the ie I need to check for / and redirect and also check the uri is the allow_uri_list? Should I create 2 diff iRules and apply them to same vip? I know that is messy. Any other way is possible?

application delivery
iRules

1 Reply

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Sep 14, 2016

    Assuming the iRule is intended ONLY for abc.com domain:

    when HTTP_REQUEST {
if { [HTTP::host] eq "abc.com" } {
    if { [HTTP::uri] equals "/" } {
        HTTP::redirect "https://abc.com/login.jsp"
    } elseif { [class match [string tolower [HTTP::uri]] starts_with allow_uri_list] } {
        pool allow_pool_80
    } else {
        Log the request for testing from client
        log local0. "rejected request for [HTTP::path] from [IP::client_addr]"
        HTTP::respond 200 content "Please check the URL and try again."
    }
}
}