Forum Discussion
iRule not working
Hi - I created an iRule and only part 1 of it is working
Part 1: Allow URL that meets the following
www.website.com/cell/...client_id
Must meet all 3 to 'allow'
host = 'www.website.com' Path starts_with 'cell' URI contains 'client_id'
This part works perfectly
Part 2:
Allow URL that meets the following
host = 'www.website.com' Path starts_with '/phone'
This part isn't working becuase of Part 1 and its rejecting everything
when HTTP_REQUEST { if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/cell" } { if { [HTTP::uri] contains "client_id" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" log local0. "uri=[HTTP::uri] action=allow"
return if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/phone/" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" return
}
} } } } log local0. "host=[HTTP::host] path=[HTTP::path] action=reject" log local0. "Rejected" reject }
Use a tab infront of your code so it formats properly.
I think I pieced it back together, and it looks like your second if is nested inside your first one. You need to close out of the first if so when it doesn't match, the second if is evaluated
when HTTP_REQUEST { if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/cell" } { if { [HTTP::uri] contains "client_id" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" log local0. "uri=[HTTP::uri] action=allow" return } } } if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/phone/" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" return } } log local0. "host=[HTTP::host] path=[HTTP::path] action=reject" log local0. "Rejected" reject } }
I think that should work. It would probably be cleaner to combine your if's together with and statements, and have an if/elseif/else structure.
when HTTP_REQUEST { if { ( [HTTP::host] equals "www.website.com" && [HTTP::path] starts_with "/cell" && [HTTP::uri] contains "client_id" ) } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" log local0. "uri=[HTTP::uri] action=allow" } elseif { ( [HTTP::host] equals "www.website.com" && [HTTP::path] starts_with "/phone/" ) } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" } else { log local0. "host=[HTTP::host] path=[HTTP::path] action=reject" log local0. "Rejected" reject } }
- mimlo_61970Cumulonimbus
Use a tab infront of your code so it formats properly.
I think I pieced it back together, and it looks like your second if is nested inside your first one. You need to close out of the first if so when it doesn't match, the second if is evaluated
when HTTP_REQUEST { if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/cell" } { if { [HTTP::uri] contains "client_id" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" log local0. "uri=[HTTP::uri] action=allow" return } } } if { [HTTP::host] equals "www.website.com" } { if { [HTTP::path] starts_with "/phone/" } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" return } } log local0. "host=[HTTP::host] path=[HTTP::path] action=reject" log local0. "Rejected" reject } }
I think that should work. It would probably be cleaner to combine your if's together with and statements, and have an if/elseif/else structure.
when HTTP_REQUEST { if { ( [HTTP::host] equals "www.website.com" && [HTTP::path] starts_with "/cell" && [HTTP::uri] contains "client_id" ) } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" log local0. "uri=[HTTP::uri] action=allow" } elseif { ( [HTTP::host] equals "www.website.com" && [HTTP::path] starts_with "/phone/" ) } { log local0. "host=[HTTP::host] path=[HTTP::path] action=allow" } else { log local0. "host=[HTTP::host] path=[HTTP::path] action=reject" log local0. "Rejected" reject } }
- Mark_2014_16996Nimbostratus
Thanks mimlo - It worked and I marked it as the correct answer
- mimlo_61970CumulonimbusYou're welcome
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com