For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Dec 16, 2008

Irule for restriciting URL paths unsecure

I currenlty use an irule that I use to restrict traffic to certain paths:-     when HTTP_REQUEST {     if {([matchclass [HTTP::uri] starts_with $::securePaths]) and not ([ma...
application delivery
dev
devops
iRules
jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Dec 19, 2008
I think I tried a whitelist version of this rule before but it did not work. I think it looked something like this.

 

when HTTP_REQUEST {

 

if {([matchclass [string tolower [HTTP::path]] starts_with $::rpsecurePaths]) and ([matchclass [IP::client_addr] equals $::rptrustedAddresses])}{

 

log local0. "Allowing connection from [IP::client_addr] to [HTTP::uri]"

 

} else {

 

log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"

 

discard

 

}

 

}

 

I think my logic may be a bit screwy....

 

 

The logic for this is very confusing.

 

 

How do you get

 

Allow access if A and B

 

Deny access if A and not B

 

Do nothing to traffic is not A

 

 

By adding the second line you are using a black list again.....