ling_ma_107977
May 30, 2006

irule to accomplish URI ACL

Recently, I encountered a rather complex problem about using an iRule on an LTM 6800 to accomplish a URI ACL. The requirements are as follows:

The URL format is http://172.16.1.100/a/b/c; 172.16.1.100 is the VS address, and a, b and c are the three parts of the URI. c may be a file such as err.html.

When a client establishes a connection to the URL above, the iRule should judge all three parts of the URI, namely a, b and c. There are several situations:

1. a stands for "permit", b and c stand for "deny": you can access http://172.16.1.100/a, but not http://172.16.1.100/a/b or http://172.16.1.100/a/b/c

2. a stands for "deny", but b and c stand for "permit", so you cannot access http://172.16.1.100/a, but you can access http://172.16.1.100/a/b and http://172.16.1.100/a/b/c

3. a stands for "deny", b stands for "permit", but c also stands for "deny", etc.

That is to say, we should judge all three parts of the URI in order to know whether the client request should be rejected or sent to a certain pool.

Could you please give me some advice or an example for such requirements? Thank you!
  • Deb_Allen_18
    Historic F5 Account
    Hi Mary,

    You can start by splitting the URI on the "/" character and extracting the directory names, then create conditions for traffic management based on the request:

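    when HTTP_REQUEST {
      # Path segments: field 1 is the empty string before the leading "/"
      set dir1 [getfield [HTTP::path] "/" 2]
      set dir2 [getfield [HTTP::path] "/" 3]
      set dir3 [getfield [HTTP::path] "/" 4]
      # Send known directory combinations to their pools; reject everything else
      if { $dir1 eq "a" and $dir2 eq "b" and $dir3 eq "c" } {
        pool ABC
      } elseif { $dir1 eq "c" and $dir2 eq "b" and $dir3 eq "a" } {
        pool CBA
      } else {
        reject
      }
    }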

    HTH

    /deb
  • Deb_Allen_18
    Historic F5 Account
    (...and edited again to create a single unified HTTP_REQUEST event setting the dir* variables -- /deb)
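
The per-level permit/deny decision the question asks for can be expressed as a longest-prefix lookup. The iRule below is an added example, not code from either poster: the policy table is constructed to match situation 3 in the question, the pool name ABC is reused from the reply, and deny-by-default plus lower-casing of the path are assumptions.

```tcl
when HTTP_REQUEST {
    # Constructed sample policy (situation 3 in the question):
    # /a denied, /a/b permitted, /a/b/c denied. Unlisted paths are denied.
    array set acl {
        /a      deny
        /a/b    permit
        /a/b/c  deny
    }

    # Normalise before matching so an encoded or mixed-case path
    # (e.g. /A/%62/c) is judged by the same entry as /a/b/c.
    set path [string tolower [URI::decode [HTTP::path]]]

    # Refuse paths that make prefix matching ambiguous.
    if { $path contains ".." or $path contains "//" } {
        reject
        return
    }

    # Walk from the full path up towards "/"; the longest listed prefix wins,
    # so /a/b/c/err.html is decided by /a/b/c and /a/b/x by /a/b.
    set verdict "deny"
    set prefix [string trimright $path "/"]
    while { $prefix ne "" } {
        if { [info exists acl($prefix)] } {
            set verdict $acl($prefix)
            break
        }
        # Drop the last segment: "/a/b/c" becomes "/a/b", "/a" becomes "".
        set cut [expr {[string last "/" $prefix] - 1}]
        set prefix [string range $prefix 0 $cut]
    }

    if { $verdict eq "permit" } {
        pool ABC
    } else {
        reject
    }
}
```

Situations 1 and 2 from the question only need different values in the table. The path is decoded once, so a double-encoded segment stays encoded, matches no entry and is denied by default.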