Forum Discussion

eanderson6_2759
Apr 02, 2013

iRule for blocking access to a specific URL

I need to block access to a URL as follows.

    when URL contains "string"
    if ip range = 10.0.0.0/8 then permit access
    else block access

This is all I could figure out at the moment:

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "string" } {
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {

Thank you in advance.

 

5 Replies

  • Something like this:

    
    when HTTP_REQUEST {
    if { ( [string tolower [HTTP::uri]] contains "elmah.axd" ) and not ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } {
    log local0. "dropped"
    reject
    }
    }
    
  • So just to clarify, I read your requirement as:

    if the URI contains "elmah.axd" and the client IP is NOT in the 10.0.0.0/8 subnet, then drop.

    By transition (else):

    - if the URI contains "elmah.axd" and the client IP IS in the 10.0.0.0/8 subnet, let it through.

    - if the URI doesn't contain "elmah.axd" (regardless of client IP subnet) let it through.

    Is this correct?

  • Yes, but when applied we get ERR_CONNECTION_RESET errors from the browser.

    For some reason, 10.10.20.32 isn't being recognized as part of 10.0.0.0/8 so it drops it.

  • Which TMOS version are you running?

    Just to test, try this and look at the LTM logs:

    
    when HTTP_REQUEST {
    log local0. "Client IP: [IP::client_addr]"
    log local0. "URI: [HTTP::uri]"
    if { ( [string tolower [HTTP::uri]] contains "public2" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] ) } {
    log local0. "dropped"
    reject
    }
    }
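
An added example, not part of the thread: a Python script that reads the log lines written by the test iRule above and flags requests where the logged action disagrees with the stated rule (drop only when the URI contains the string and the client is outside 10.0.0.0/8). The syslog prefix, the rule name `test` and the sample lines are constructed, and it assumes each request's lines appear together in the log.

```python
import ipaddress
import re

ALLOWED = ipaddress.ip_network("10.0.0.0/8")  # permitted subnet from the thread
NEEDLE = "public2"                            # URI substring used in the test iRule

# Constructed sample. The syslog prefix is an assumed format; only the
# message texts ("Client IP: ", "URI: ", "dropped") come from the iRule.
SAMPLE_LOG = """\
Apr  2 10:15:01 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: Client IP: 10.10.20.32
Apr  2 10:15:01 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: URI: /Public2/page.aspx
Apr  2 10:15:02 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: Client IP: 192.0.2.10
Apr  2 10:15:02 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: URI: /public2/page.aspx
Apr  2 10:15:02 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: dropped
Apr  2 10:15:03 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: Client IP: 10.10.20.32
Apr  2 10:15:03 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: URI: /public2/admin
Apr  2 10:15:03 bigip1 info tmm[1234]: Rule test <HTTP_REQUEST>: dropped
"""

FIELD = re.compile(r": (Client IP|URI): (\S+)\s*$")


def audit(log_text):
    """Group log lines per request and compare the logged action with the
    action the stated rule should take for the logged client IP and URI."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = FIELD.search(line)
        if m and m.group(1) == "Client IP":      # first line of a request
            cur = {"ip": m.group(2), "uri": "", "dropped": False}
            records.append(cur)
        elif m and cur is not None:               # the URI line
            cur["uri"] = m.group(2)
        elif cur is not None and line.rstrip().endswith(": dropped"):
            cur["dropped"] = True
    for r in records:
        try:
            inside = ipaddress.ip_address(r["ip"]) in ALLOWED
        except ValueError:          # not a plain address; flag for manual review
            r["verdict"] = "unparseable-ip"
            continue
        expected = NEEDLE in r["uri"].lower() and not inside
        r["verdict"] = "ok" if r["dropped"] == expected else "mismatch"
    return records


if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(r["ip"], r["uri"], "dropped" if r["dropped"] else "passed", r["verdict"])
```

A `mismatch` on an address inside 10.0.0.0/8 points at the comparison in the iRule; an `ok` drop for an unexpected address means the BIG-IP is seeing a different client IP than the one assumed.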