Forum Discussion
Irule to match a Domain
Guys, I really need your help. I'm currently working on a request. Let's say I have the below URL:
https://abd.com/files/jaskjaskjsakjasjk.jpg
Customers are asking me to disable anything that comes after the /files that has an image extension like jpg, pdf and png, for anyone communicating from the outside, except that internal IPs and several domains like Amazon and Twitter should have access to the above URL.
I had some luck configuring it in the LTM policies section, but I couldn't match the domain. So is there an iRule which will work for this?
Hi mj16othman,
you could use this iRule.
```tcl
when HTTP_REQUEST {
    if { [string tolower [HTTP::host][HTTP::path]] starts_with "abc.com/files" } {
        switch -glob [string tolower [HTTP::path]] {
            "*.gif" -
            "*.jpg" -
            "*.jpeg" -
            "*.png" {
                # Drop if URI ends with a static file type
                drop
            }
            default {
                return
            }
        }
    }
}
```
If you want to filter by source IP, I would do this inside the switch statement with a datagroup matching.
However... how will you get all the IP addresses from Amazon, Twitter and so on?
- You could do a reverse lookup and check whether the IP belongs to Amazon or similar, with an awful penalty on performance of the iRule and no guarantee that this is a 100% solution. Not all IPs have reverse records.
- You could check if they have an API (example: https://ip-ranges.amazonaws.com/ip-ranges.json) and convert them to a datagroup. Requires automation.
- You could also implement the whole thing with APM. Again - how to get the list of allowed source IPs?
KR
Daniel
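
The "convert them to a datagroup" option from the reply above, as an added example (not code from the thread or from F5): it parses a document in the shape of ip-ranges.json, merges overlapping prefixes, and emits address records. The sample JSON is constructed, the function names are hypothetical, and the `network <cidr>,` / `host <ip>,` record syntax is assumed to match the address-type external data-group file format of your TMOS version.

```python
import ipaddress
import json

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are documentation ranges, not real AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.7/32", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def aws_networks(raw_json, services=None):
    """Return collapsed IPv4 then IPv6 networks, optionally limited to some services."""
    doc = json.loads(raw_json)
    v4, v6 = set(), set()
    for entry in doc.get("prefixes", []):
        if services is None or entry.get("service") in services:
            v4.add(ipaddress.ip_network(entry["ip_prefix"]))
    for entry in doc.get("ipv6_prefixes", []):
        if services is None or entry.get("service") in services:
            v6.add(ipaddress.ip_network(entry["ipv6_prefix"]))
    # collapse_addresses() merges adjacent/overlapping prefixes; it cannot mix
    # address families, so IPv4 and IPv6 are collapsed separately.
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def to_datagroup_records(networks):
    """Render networks as address data-group records (assumed file syntax)."""
    lines = []
    for net in networks:
        if net.prefixlen == net.max_prefixlen:
            lines.append(f"host {net.network_address},")
        else:
            lines.append(f"network {net.with_prefixlen},")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_datagroup_records(aws_networks(SAMPLE_IP_RANGES)), end="")
```

The published AWS ranges include addresses that any AWS customer can use, so a data group built from them admits every AWS tenant rather than one company's servers.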