BMeyering_10972
Aug 14, 2012Nimbostratus
irule to block file types from extenal client IP
Hi,We are attempting to create a irule to block external users from downloading sharepoint files.
Extenal user are connecting via external F5 v11.1 running APM/LTM. Access policy connects to an Internal F5 running 10.2 which is LB for sharepoint farm. External user traffic is SNAT'd behind static SNAT address. This is want we came up with but ... we get a error parsing the irules.
line 2: [parse error: PARSE syntax 62 {syntax error in expression " [IP::client_addr] equals x.x.x.166 and [HTTP::host] strin...": extra tokens at end of expression}] [{ [IP::client_addr] equals x.x.x.166 and [HTTP::host] string tolower contains "devintdocs" {
line 22: [undefined procedure: else
when HTTP_REQUEST {
if { [IP::client_addr] equals x.x.x.166 and [HTTP::host] string tolower contains "devintdocs" {
switch -glob string tolower [HTTP::uri] {
"*.xls" -
"*.xlsx" -
"*.doc" -
"*.docx" -
"*.ppt" -
"*.pptx" }{
HTTP::respond 200 content {
Apology Page
We are sorry, but the document you are attempting to access is restricted by Corporate Policy. If you feel you have reached this page in error, please contact your supervisor.
}
}
}
} else {
switch -glob [HTTP::host] {
"devintportal" { pool sharepoint_devint_Pool1 }
"devintmy" { pool sharepoint_devint_Pool2 }
"devintdocs" { pool sharepoint_devint_Pool3 }
"devintteams" { pool sharepoint_devint_Pool4 }
"partners" { pool sharepoint_devint_Pool5 }
}
}
} line 2: [parse error: PARSE syntax 62 {syntax error in expression " [IP::client_addr] equals 1.206.1.166 and [HTTP::host] strin...": extra tokens at end of expression}] [{ [IP::client_addr] equals 1.206.1.166 and [HTTP::host] string tolower contains "devintdocs" {
line 22: [undefined procedure: else
when HTTP_REQUEST {
if { [IP::client_addr] equals 1.206.1.166 and [HTTP::host] string tolower contains "devintdocs" {
switch -glob string tolower [HTTP::uri] {
"*.xls" -
"*.xlsx" -
"*.doc" -
"*.docx" -
"*.ppt" -
"*.pptx" }{
HTTP::respond 200 content {
Apology Page
We are sorry, but the document you are attempting to access is restricted by Corporate Policy. If you feel you have reached this page in error, please contact your supervisor.
}
}
}
} else {
switch -glob [HTTP::host] {
"devintportal" { pool sharepoint_devint_Pool1 }
"devintmy" { pool sharepoint_devint_Pool2 }
"devintdocs" { pool sharepoint_devint_Pool3 }
"devintteams" { pool sharepoint_devint_Pool4 }
"partners" { pool sharepoint_devint_Pool5 }
}
}
}