Forum Discussion

NetWork's avatar
NetWork
Icon for Nimbostratus rankNimbostratus
Oct 21, 2020

IRule for Exact resource access rejection

I would like to know the feasibility of implementing iRules for below scenario, kindly suggest whether it is achievable or not.   https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sen...
application delivery
iRules
LTM
security
  • Dario_Garrido's avatar
    Dario_Garrido
    Oct 22, 2020

    Hello NetWork.

    Actually the previous sentence has a mistake. It should be like this.

    set uri [getfield [HTTP::uri] "?" 1]

    This is used to remove de Query parameter of the URI. For example if you receive something like this:

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john

    Taking into account that you need to reject any URI related with

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail*

    Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.

    Your iRule should be like this:

    when HTTP_REQUEST {
	if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
	elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
	elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
}

    Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.

    Regards,

    Dario.

NetWork's avatar
NetWork
Icon for Nimbostratus rankNimbostratus
Dec 06, 2020

Hi Dario,

 

We have tested in our customer environment, it works as expected.

 

Many thanks for your help!