Forum Discussion
NimbostratusiRule to block access to a URI based on IP Address
Hello all,
I have a public-facing website. I want to block access to a specific URI if a requesting client is not within our internal network; redirecting the client to the main page of the site. But it is not working, and can't figure why. The code I currently have is:
when HTTP_REQUEST
{
log local0. "Request from [IP::client_addr] URI: [HTTP::uri]"
if { [string tolower [HTTP::uri]] contains "/agenthub/agentPiped" }
{
if { [class match [IP::client_addr] equals ALLOWED_INTERNAL_IP_ADDRESSES ] }
{
log local0. "Request from [IP::client_addr] URI: [HTTP::uri] matched /agentPiped"
pool VFCFPROD_HTTP
}
else
{
log local0. "Request from [IP::client_addr] address not found in ALLOWED_INTERNAL_IP_ADDRESSES"
HTTP::redirect "[https://www.XYZ.com"](https://www.XYZ.com);
}
}
}
Looking in the LTM log, I only see a log entry generated by the first log local0 command of the irule:
$1
It does not look as though external traffic ever hits the second log local0 command, so it appears that none of the subsequent conditions are getting hit. but I don't understand why. Any suggestions would be greatly appreciated.
Dylan_375544Cirrocumulus
It looks like you have an "if" statement that has "string tolower" in it. That converts all of the uri to lower case. You are then trying to see if it contains "/agenthub/agentPiped" Which has an uppercase "P" in it. That uppercase "P" will not ever be there since you just converted it to all lower case.
Hope that helps!
-Dylan
Chris_BaiocchetIt was right there in front of me the whole time. Fixed the case, and iRule is working as expected.
Many thanks, Dylan.