Forum Discussion

IgorS_141493's avatar
IgorS_141493
Icon for Nimbostratus rankNimbostratus
Aug 09, 2018

iRule for matching host & multiple uri's and close connection on the rest.

Hi,

 

I've a got a question related to setting up a reverse proxy iRule with multiple sites and have to filter also on certain uri's. we also offloading our ssl traffic at this moment.

 

the reverse proxy iRule already exists for other sites.

 

our setup is like this: for the complete iRule:

 

when HTTP_REQUEST {
if { [string tolower [HTTP::host]] contains "site1.domain.com" } { 
    SSL::disable serverside
    pool pool_poolxxx
    return
}
if { [string tolower [HTTP::host]] contains "site2.domain2.com" } { 
    SSL::disable serverside
    pool pool_poolyyy
    return
}
if { [string tolower [HTTP::host]] contains "site3.domain3.com" } { 
    SSL::disable serverside
    pool pool_poolzzz
    return
}
"Insert new code here" see examples below
}

the new url has to be checked on different uri's and block all de rest including base url "newsite.domain.com"

 

complete has to be like: http host = newsite.domain.com and uri has to be check on this string "/ps/xyz/abc/123/y/" including wildcards.

 

Also on the same site also the uri /css has to be allowed aswel to load the css in the background.

 

I've tried things like

 

"insert code here 1 "

 

if { [string tolower [HTTP::host]] contains "newsite.domain.com" and [HTTP::uri] starts_with "/css" } {
            SSL::disable serverside
            pool pool_poolxyz
            return

if { [string tolower [HTTP::host]] contains "newsite.domain.com" } {
    if { [HTTP::uri] starts_with "/ps" } {
        if { [HTTP::uri contains "/xyz/abc/123/y/" } {
            SSL::disable serverside
            pool pool_poolxyz
            return
        else {
            HTTP::respond 404 "Not Found" "Connection" "close"
            return      
            }
        }
    }
}

"insert code here 2 "

 

if { [string tolower [HTTP::host]] contains "recruitment.provant.be" } { 
    switch -glob [string tolower [HTTP::path]] { 
        "*/ps*/xyz/abc/123/y/*" {
        SSL::disable serverside
        pool pool_poolxyz
        return
    }

    default {
        HTTP::respond 404 "Not Found" "Connection" "close"
        return
    }  
}

}

 

Any other ideas or solution?

 

devops
iRules
LTM
security
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Aug 10, 2018

    Hi,

     

    Code 1 has some missing parts :

     

    if { [string tolower [HTTP::host]] contains "newsite.domain.com" and [HTTP::uri] starts_with "/css" } {
    SSL::disable serverside
    pool pool_poolxyz
    return
}
if { [string tolower [HTTP::host]] contains "newsite.domain.com" } {
    if { [HTTP::uri] starts_with "/ps" } {
        if { [HTTP::uri] contains "/xyz/abc/123/y/" } {
            SSL::disable serverside
            pool pool_poolxyz
            return
        } else {
            HTTP::respond 404 content "Not Found" noserver "Connection" "close"
            return      
        }
    }
}