For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mj16othman's avatar
mj16othman
Icon for Altostratus rankAltostratus
May 17, 2022

Irule to match a Domain

Guys I really need your help. Im currently working on a request. Lets say i have the below URL  https://abd.com/files/jaskjaskjsakjasjk.jpg Customers are asking me to disable anything that comes af...
application delivery
cloud
devops
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
May 18, 2022

Hi mj16othman,

you could use this iRule.

 

when HTTP_REQUEST {
    if { [string tolower [HTTP::host][HTTP::path]] starts_with "abc.com/files" } {
        switch -glob [string tolower [HTTP::path]] {
            "*.gif" -
            "*.jpg" -
            "*.jpeg" -
            "*.png" {
                # Drop if URI ends with a static file type
                drop
            }
            default {
                return
            }
        }   
    }    
}

 

If you want to filter by source IP, I would do this inside the switch statement with a datagroup matching.
However... how will you get all the IP addresses from Amazon, Twitter and so on?

  • You could do a reverse lookup and check whether the IP belongs to Amazon or similar. - with an awful penalty on performance of the iRule and no guarantee that this is a 100% solution. Not all IPs have reverse records.
  • You could check if they have an API (example: https://ip-ranges.amazonaws.com/ip-ranges.json) and convert them to a datagroup. Requires automation.
  • You could also implement the whole thing with APM. Again - how to get the list of allowed source IPs?

KR
Daniel