Forum Discussion
maximillean_953
Nimbostratus
NimbostratusIrule with regex filtering migrate from netscaler
Hi,
On Netscaler migration I come to a rule that could not solve.
On netscaler responder rules there is a drop rule related with this regexp line. I wonder how can i write this on f5 irule...
Kevin_Stewart
Employee
EmployeeIf you break it down like this:
HTTP.
REQ.
URL.
PATH_AND_QUERY.
AFTER_REGEX(re/\?/).
BEFORE_REGEX(re/:/).
REGEX_MATCH(re/(action$|redirect$|redirectAction$)/)
And based on this reference:
I think what it's basically saying is this:
- Start with the full HTTP request URI (path, query string, and all)
- From that, return the string that is after the question mark (?)
- From that, return the string that is before the colon (:)
- And if the resulting string ends with ($) "action", or "redirect", or "redirectAction", then drop the request.
So then the resulting iRule might look like this:
when HTTP_REQUEST {
if { [regexp -all {(action|redirectaction|redirect)} [string tolower [findstr [HTTP::uri] "?" 1 ":"]]] > 0 } {
drop
}
}
Or, if you wanted to avoid the regex:
when HTTP_REQUEST {
if { ( [string tolower [findstr [HTTP::uri] "?" 1 ":"]] ends_with "action" ) or ( [string tolower [findstr [HTTP::uri] "?" 1 ":"]] ends_with "redirect" ) or ( [string tolower [findstr [HTTP::uri] "?" 1 ":"]] ends_with "redirectaction" ) } {
drop
}
}
Or:
when HTTP_REQUEST {
switch -glob [string tolower [findstr [HTTP::uri] "?" 1 ":"]] {
"*action" -
"*redirect" -
"*redirectaction" {
drop
}
default {
return
}
}
}
