
Forum Discussion

NetWork
Oct 21, 2020
Solved

IRule for Exact resource access rejection

I would like to know the feasibility of implementing iRules for the scenario below; kindly suggest whether it is achievable or not. https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sen...
  • Dario_Garrido
    Oct 22, 2020

    Hello NetWork.

    Actually the previous sentence has a mistake. It should be like this.

    set uri [getfield [HTTP::uri] "?" 1]

    This is used to remove the query parameter of the URI. For example, if you receive something like this:

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john

    Taking into account that you need to reject any URI related to

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail*

    Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.

    Your iRule should be like this:

    when HTTP_REQUEST {
    	if { [HTTP::uri] == "/" } {
    		HTTP::redirect "http://[HTTP::host]/mrj"
    	} elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } {
    		# Must come before the broader /mrj match below
    		reject
    	} elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } {
    		pool pool-A
    	} elseif { [string tolower [HTTP::uri]] starts_with "/abc" } {
    		pool pool-B
    	} elseif { [string tolower [HTTP::uri]] starts_with "/" } {
    		reject
    	}
    }

    Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.

    Regards,

    Dario.
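
The branch order discussed in the reply above can be checked offline before the rule goes onto a virtual server. The following Python model is an added example, not part of the original thread and not F5 code: `route`, `strip_query` and the sample URIs are constructed here, and the "ends_with" variant is an assumption reconstructed from the reply's description of the earlier approach (strip the query string, then compare the end of the URI).

```python
"""Offline model of the iRule's branch order, run over constructed URIs."""

# Lower-case prefix of the resource that must be rejected (from the thread).
BLOCKED = "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail"


def strip_query(uri):
    # Same effect as: getfield [HTTP::uri] "?" 1
    return uri.split("?", 1)[0]


def route(uri, blocked_match="starts_with"):
    """Return the action the rule takes for one request URI."""
    if uri == "/":
        return "redirect:/mrj"
    low = uri.lower()  # models [string tolower [HTTP::uri]]
    if blocked_match == "starts_with":
        blocked = low.startswith(BLOCKED)
    else:
        # Assumed earlier variant: drop the query string, then ends_with.
        blocked = strip_query(low).endswith(BLOCKED)
    if blocked:
        return "reject"
    if low.startswith(("/mrj", "/web", "/htmlb")):
        return "pool-A"
    if low.startswith("/abc"):
        return "pool-B"
    # Final branch of the rule; anything not starting with "/" matches nothing.
    return "reject" if low.startswith("/") else "no-match"


# Constructed sample requests covering each branch of the rule.
SAMPLES = [
    "/",
    BLOCKED,
    BLOCKED + "?myuser=john",
    "/MRJ/Home/srt/portal/prtroot/com.dev.net.SendEmail",
    BLOCKED + "/extra",
    "/mrj/home",
    "/abc/x",
    "/other",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:62} starts_with={route(uri):14} "
              f"ends_with={route(uri, 'ends_with')}")
```

The two variants agree on every sample except `BLOCKED + "/extra"`, which the ends_with variant sends to pool-A; that difference is the reason the reply recommends starts_with for the `sendemail*` requirement.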