Forum Discussion
IRule to block URL/URI from Data Group
Hello,
we've a VS with about 20 URLs, now I've to block Login-Sites dor the most but not all URL's, for eg:
I'd like to put all the Adresses (about 30-40) in a Data Droup List with strings and reference this List in a IRule with a Respond like "HTTP::respond 403"
Could you help me with a Syntax? Should be Case insensitive.
Thank you
here is an example:
ltm data-group internal example_uri {
records {
login { }
member { }
}
type string
}when HTTP_REQUEST {
if {[matchclass [string tolower [HTTP::uri]] contains example_uri]}{
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
log local0. "deny URI: [HTTP::uri]"
}
}- kgaiglCirrocumulus
Hi mihaic,
thank you, but I need always the combination of [HTTP::host] and [HTTP::uri], becaus on some hosts the URI "login" should be allowed.
I guess the Data Group file I can manage, but the Syntax of the combination [HTTP::host] and [HTTP::uri] I'm not shure
when HTTP_REQUEST {
if { ([HTTP::host] == "www.xyz.com") and ([matchclass [string tolower [HTTP::uri]] contains example_uri]) }{
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
log local0. "deny URI: [HTTP::uri]"
}
}- kgaiglCirrocumulus
Hi mihaic
with
when HTTP_REQUEST {
if { [class match [string tolower [HTTP::host][HTTP::uri]] equals BLOCK_LOGIN_SITES] } {
HTTP::respond 403
}
}it's working
thank you
Hi kgaigl ,
this should work. Note that I'm not putting URI in lowercase so /login and /LOGIN will require two different matches (they would be two different URLs indeed anyways)
when HTTP_REQUEST { set req "[string tolower [HTTP::host]][HTTP::uri]" if {[class match $req eq unallowed_datagroup]}{ HTTP::respond 403 } }
ltm data-group internal unallowed_datagroup { records { www.somesite1.org/login { } www.somesite2.org/member { } www.somesite2.org/login { } } type string }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com