For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aviv's avatar
Aviv
Icon for Cirrus rankCirrus
Jun 18, 2014

Irule Wildcard with excules

Hi !

 

I need an irule that will redirect to another url all request that contains _vti_bi but will exclude 2 url's :

 

/_/_vti_bin -> to redirect

 

/_/_vti_bin/client.svc/ProcessQuery -> dont do anything

 

/*/_vti_bin/sites.asmx ----> do not do anything

 

Thanks,

 

Aviv Hassidim

 

application delivery
devops
iRules

9 Replies

  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    Jun 18, 2014

    Try this:

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "_vti_bi" } {
      switch -glob [string tolower [HTTP::uri]] {
        "/_/_vti_bin/client.svc/ProcessQuery" {
            return
        }
        "/*/_vti_bin/sites.asmx" {
            return
        }
        default {
            HTTP::redirect "http://www.xyz.com"
        }
      }
    }
}
    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Jun 18, 2014
      First condition in the switch will never match. Remove the capital letters from the string: "/_/_vti_bin/client.svc/processquery"
    • Aviv's avatar
      Aviv
      Icon for Cirrus rankCirrus
      Jun 22, 2014
      Hi kunjan! Thanks for your help. i tried your irule but it looks like it not work can you check if the irule works please?
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2014

    Try this:

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "_vti_bi" } {
      switch -glob [string tolower [HTTP::uri]] {
        "/_/_vti_bin/client.svc/ProcessQuery" {
            return
        }
        "/*/_vti_bin/sites.asmx" {
            return
        }
        default {
            HTTP::redirect "http://www.xyz.com"
        }
      }
    }
}
    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Jun 18, 2014
      First condition in the switch will never match. Remove the capital letters from the string: "/_/_vti_bin/client.svc/processquery"
    • Aviv's avatar
      Aviv
      Icon for Cirrus rankCirrus
      Jun 22, 2014
      Hi kunjan! Thanks for your help. i tried your irule but it looks like it not work can you check if the irule works please?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 23, 2014

    it seems okay here.

    e.g.

     config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 41
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::uri] contains "_vti_bi" } {
    switch -glob [HTTP::uri] {
      "/_/_vti_bin/client.svc/ProcessQuery" {
        return
      }
      "/*/_vti_bin/sites.asmx" {
        return
      }
      default {
        HTTP::redirect "http://www.xyz.com"
      }
    }
  }
}
}

 test

[root@ve11a:Active:In Sync] config  curl -I http://172.28.24.10/_/_vti_bin
HTTP/1.0 302 Found
Location: http://www.xyz.com
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://172.28.24.10/_/_vti_bin/client.svc/ProcessQuery
HTTP/1.1 404 Not Found
Date: Mon, 23 Jun 2014 02:59:27 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

[root@ve11a:Active:In Sync] config  curl -I http://172.28.24.10/something/_vti_bin/sites.asmx
HTTP/1.1 404 Not Found
Date: Mon, 23 Jun 2014 03:00:57 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1