Forum Discussion
LyonsG_85618
Cirrostratus
CirrostratusIRULE to block URI after a specific date
I have been asked to create VIP to route traffic through to a test web server.
What the customer want is a test URI that has an expiry date. The date will then be verified aganist the current date and if it has expired they customer will receive a 404 page.
My thinking was that I will use an external class file:
"/123456789/validuri" := "12202012"
If today's date is December 6th 2012 IRULE will validate this against expiry and flag it as OK.
IRULE will then strip /123456789 and pass traffic to webserver as /validuri.
If today's date is December 25th 2012 this would should as expired and customer would receive a 404 page?
Has anyone seen anything like this?
I have had a look in forums but couldn't find a match anywhere.
Is this even possible?
Thanks in advance!
hooleylistHi Graham,
This should be doable, but keep in mind that the logic of the iRule could be bypassed:
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=30900&ptarget=30901
Basically, you could use [class match -value [HTTP::uri] starts_with uri_to_date_dg] to get the "expire date" and then check if the current date ([clock format [clock seconds] -format "%d%m%Y ) is earlier.
https://devcentral.f5.com/wiki/iRules.class.ashx
http://www.tcl.tk/man/tcl8.4/TclCmd/clock.htm
Aaron
LyonsG_85618Thanks Aaron
I am going to give this a bash today and see how I get on.
Regards
- hooleylistSounds good. Let us know if you get stuck.
Aaron - LyonsG_85618I have managed to get the date check working and now 'expired' hosts get sent to a notfound page:
when HTTP_REQUEST {
set debug 1
set datecheck CLASS_DATE_CHECK
set today [clock format [clock seconds] -format {%Y%m%d} ]
set expiry_date [class match -value [string tolower [HTTP::uri]] starts_with $datecheck]
set uriexpired 0
if {($expiry_date < $today)} {
set uriexpired 1
}
if {($uriexpired equals "1") and ([HTTP::uri] equals [class match -name [string tolower [HTTP::uri]] starts_with $datecheck])} {
if {$debug > 0} {
log local0. "uri=[HTTP::uri] and Classmatch=[class match -name [string tolower [HTTP::uri]] starts_with $datecheck]"
}
HTTP::respond 302 noserver Location "http://www.test.com/notfound"
Still looking at the URI part though. My customer wants to publish a random string before the actual 'real' uri.
i.e. http://www.test.com/123456789/testsite1
I need to remove the /123456789 before passing to pool and then add it back in before responding to clients.
As the string will be randomly generated I cannot use a string replace.
I was looking at stream profile's too but not sure which option would work best?
Any thoughts? 
nitassEmployee
I need to remove the /123456789 before passing to pool and then add it back in before responding to clients. can we strip off random string using "scan" command and set new uri using "HTTP::uri" command? i do not think we need to put random string back because HTTP::uri does not change uri in browser.% set uri "/123456789/testsite1" /123456789/testsite1 % scan $uri {/%*[^/]%s} real 1 % put $real /testsite1
HTTP::uri wiki
https://devcentral.f5.com/wiki/iRules.HTTP__uri.ashx
hope this helps.- LyonsG_85618Nitass - thanks for response.
Not sure I follow this though ?
% set uri "/123456789/testsite1"
/123456789/testsite1
% scan $uri {/%*[^/]%s} real
1
% put $real
/testsite1
I was looking at doing this
if {[HTTP::uri] starts_with "/xxl"} {
HTTP::uri [string range [HTTP::uri] 9 end]
Which would mean they would need to start their random string withh xx and IRULE would strip off the characters.
I could then add this back in under HTTP response? - Arie
Altostratus
I noticed that you're using a 302 to send people to the Not Found page:
HTTP::respond 302 noserver Location "http://www.test.com/notfound"Depending on how that page is handled you may be sending a 200 OK instead of a 404 (or 410), which can cause all kinds of issues (e.g. monitoring, SEO).
Also, if the URL will never be used again you'll want to use a 301 instead of a 302.
- LyonsG_85618
Thanks Arie
We use the 302/Notfound on a lot of our sites and I am not aware of any issues.
Also - the URL depnds on what they have entered so it's not guaranteed to be a 301.
Regards
Graham
- nitassI could then add this back in under HTTP response? i do not think you have to add random string back in response because response does not contain uri.
e.g.[root@ve10:Active] config curl -I http://173.194.38.151 -H "Host: www.google.com.sg" HTTP/1.1 200 OK Date: Sat, 26 Jan 2013 05:36:46 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Set-Cookie: PREF=ID=626f6a4a1383b4d0:FF=0:TM=1359178606:LM=1359178606:S=HiBcK-bkAGzoSgye; expires=Mon, 26-Jan-2015 05:36:46 GMT; path=/; domain=.google.com.sg Set-Cookie: NID=67=PQ8Uh28-eIqGM8pHjg7epoVjKgqvs8OGq4gYUr1-rFpuOIwN2nGWBy72iIpF2nqlEu51v6KDfWHnlKl2bDeAhyQsSllHNjHlvMf972l8ho46SU8rBcZFlSqXRpkSdfm6; expires=Sun, 28-Jul-2013 05:36:46 GMT; path=/; domain=.google.com.sg; HttpOnly P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Server: gws X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Transfer-Encoding: chunked