F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

jokragly's avatar
jokragly
Icon for Nimbostratus rankNimbostratus
Nov 03, 2010

iRule for URI ACL

Good afternoon. We are getting desperate trying to find a solution to allow specific URIs and deny all other traffic.     Basically what we are after is to allow access to 5 specific directorie...
application delivery
dev
devops
iRules
jokragly's avatar
jokragly
Icon for Nimbostratus rankNimbostratus
Nov 05, 2010
We ended up opening a support case with F5 and here is the iRule and data group syntax that we had to use.

 

 

when HTTP_REQUEST {

 

log local0. "path is [HTTP::path]"

 

set search_id [class startsearch blue_ACL]

 

while { [class anymore blue_ACL $search_id] } {

 

nextelement returns an array with two elements (for a string class, we just care about the first element)

 

set elem [class nextelement blue_ACL $search_id]

 

set elem [lindex $elem 0]

 

log local0. "elem is $elem"

 

if { [string tolower [HTTP::path]] matches_regex $elem } {

 

log local0. "$elem matched !"

 

return

 

}

 

}

 

 

HTTP::respond 200 content "PERMISSION DENIED TO: [HTTP::uri]"

 

}

 

 

The trick is that your datagroup (blue_ACL) strings need to be entered using REGEX notation. ( You will need to start each string with a "^" and for the / path (root), you need to enter "^/$".

 

^/$ (the $ means "end of string")

 

^/Dealer

 

^/Help

 

^/Image

 

^/Login

 

^/User

 

 

You also need to enter all the strings in lower case because of the " tolower" command, if they are upper case they won't match.

 

 

I appreciate everyones help but I just wanted to update the forum with what worked for us.