NetWork
Oct 21, 2020Nimbostratus
IRule for Exact resource access rejection
I would like to know the feasibility of implementing iRules for below scenario, kindly suggest whether it is achievable or not. https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sen...
- Oct 22, 2020
Hello NetWork.
Actually the previous sentence has a mistake. It should be like this.
set uri [getfield [HTTP::uri] "?" 1]
This is used to remove de Query parameter of the URI. For example if you receive something like this:
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john
Taking into account that you need to reject any URI related with
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail*
Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.
Your iRule should be like this:
when HTTP_REQUEST { if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" } elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject } elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A } elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B } elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject} }
Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.
Regards,
Dario.