Forum Discussion
irule to Block specific URLs, allow the rest
If you remove some brackets and one of the "if"s it works. You can always test it by logging the output to /var/log/ltm, see below.
    when HTTP_REQUEST {
        # Compare the lower-cased host + path against both spellings (with and without trailing slash)
        if {[string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab/"
            or [string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab"} {
            # Written to /var/log/ltm
            log local0. "Rejected Connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
            reject
        }
    }
Even if HTTPS is used the contents of the Rule don't change. It is still an HTTP request and not an HTTPS request. If you want to find out whether the iRule gets hit at all, you could add another logging line, like below. In that case you should see one entry for every HTTP request, and a second one for every rejected request.
    when HTTP_REQUEST {
        # Logged for every request, so you can confirm the iRule is hit at all
        log local0. "Requested connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
        if {[string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab/"
            or [string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab"} {
            # Logged only for requests that match the blocked URL
            log local0. "Rejected Connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
            reject
        }
    }
If you are unsure which virtual server gets hit you should be able to see that in a packet capture using tcpdump. Do you have shell access? (In theory packet capture is possible via the GUI as well, but I found it rather painful.)
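An added example, not part of the original reply: a variant of the same block rule that normalizes the host and path before comparing, so that equivalent spellings of the blocked URL (a Host header carrying a port, a percent-encoded character, repeated trailing slashes) are treated the same, and that logs the virtual server name to show which virtual server handled the request. The host and path are the ones from the rule above; the variable names and log wording are assumptions.

```tcl
when HTTP_REQUEST {
    # The Host header may carry a port (example.domain.com:443); keep only the name part.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Decode percent-encoding once, lower-case, and drop trailing slashes,
    # so /xyz/ab, /xyz/ab/ and /XYZ/ab// all compare equal to "/xyz/ab".
    set path [string trimright [string tolower [URI::decode [HTTP::path]]] "/"]

    # One entry per request: shows the iRule is attached and which virtual server was hit.
    log local0. "Requested [virtual name] from [IP::client_addr]: raw=[HTTP::host][HTTP::path] normalized=$host$path"

    if { $host equals "example.domain.com" and $path equals "/xyz/ab" } {
        # Second entry only for requests that match the blocked URL.
        log local0. "Rejected [virtual name] from [IP::client_addr]: $host$path"
        reject
        return
    }
}
```

The per-request log line is for testing only; remove it once the rule is confirmed to match, since it writes to /var/log/ltm on every request.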
