Forum Discussion

Nimbostratus

Nov 03, 2010

iRule for URI ACL

Good afternoon. We are getting desperate trying to find a solution to allow specific URIs and deny all other traffic. Basically what we are after is to allow access to 5 specific directorie...

Cirrostratus

Nov 07, 2010

I think this is what Chris was suggesting:


when HTTP_REQUEST {

   if { ! ([class match [string tolower [HTTP::uri]] starts_with SplunkTest] or [HTTP::uri] eq "/") } {
      HTTP::respond 200 content "PERMISSION DENIED TO: [HTTP::uri]"
   }
}

You might also want to decode the URI using URI::decode to minimize the chance someone can bypass the iRule logic:

http://devcentral.f5.com/wiki/default.aspx/iRules/FullyDecodeURI.html

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)