Forum Discussion
jondyke_46152
Nimbostratus
NimbostratusIrule for restriciting URL paths unsecure
I currenlty use an irule that I use to restrict traffic to certain paths:-
when HTTP_REQUEST {
if {([matchclass [HTTP::uri] starts_with $::securePaths]) and not ([ma...
jondyke_46152Nimbostratus
NimbostratusDoes anybody know if there is any way you can use wild cards with datagroup paths?
If I used the following irule would it be possible to somehow add some form of wild card to the KnownGoodPaths datagroup?
when HTTP_REQUEST
{
if {not ([matchclass [HTTP::uri] starts_with $::KnownGoodPaths]) }
{
log local0. "Dodgy URL ([HTTP::uri]) being used"
discard
}
else
{
if { ([matchclass [HTTP::uri] starts_with $::securePaths]) }
{
if { not ([matchclass [IP::client_addr] equals $::trustedAddresses])}
{
log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"
discard
}
else
{
log local0. "Allowing connection from [IP::client_addr] to secure [HTTP::uri]"
}
}
else
{
log local0. "Allowing connection from [IP::client_addr] to insecure [HTTP::uri]"
}
}
}
