Forum Discussion

Tim_Roberts
Aug 10, 2017

iRules -- IF / ELSE / OR

Hi,

Hoping someone can help me with an iRule problem I'm having. If this isn't the right place... please accept my apologies and let me know the right place. This is my first post, please be gentle.

Our site is built in Oracle Application Express (APEX). We have an HTML file (say 'myfile.html') which routes through to the DAD as /pls/myenvironment/f?p=13000:101:

So, I have the following iRule...

when HTTP_REQUEST {
    if { [HTTP::uri] equals "/myfile" } {
        HTTP::path "myfile.html"
        pool mypool
    } else {
        HTTP::respond 404 content {FS5 Page Not FoundFS5 Page Not Found}
    }
}

Doesn't work as desired, everything is blocked.

However, if my iRule was...

when HTTP_REQUEST {
    if { [HTTP::uri] equals "/myfile" } {
        HTTP::path "myfile.html"
        pool mypool
    }
}

... then everything works, and I mean EVERYTHING. Why is that? I have no default pool so I assumed all we would allow would be https://mysite.com/myfile ... but no, everything is allowed through. Like, I have exposed my full 'html' folder to the internet and if some curious/malicious user was to start fiddling around with the URL, they could effectively get into places they really shouldn't. Seemingly, this is because once we load 'myfile.html' every other click within the application goes direct to the DAD mentioned before, /pls which is blocked in my first iRule example, but allowed without issue in the second.

Couple of things worth mentioning before we carry on... from what I'm told (excuse my lack of web dev knowledge), APEX pages are split into frames/sections that each make a call to the database when you need it -- basically pages within pages. Plus we have multiple applications running out of the same database on the same DAD, an internet facing one (/pls/myenvironment/f?p=13000) and a number of back end applications we absolutely do not want on the internet (/pls/myenvironment/f?p=10000 + 11000 + 12000 + you get the idea).

I thought I could use an 'or' in my iRule to say 'if uri equals myfile OR uri starts_with /pls/myenvironment/f?p=13000' but then HTTP::path is still pointing to myfile.html which means I'm just in some eternal loop, I guess.

So... from an F5 point of view... is the best way to fix this up simply create a new DAD for the internet facing application or is there some clever iRule trickery that I've not thought about? I am assuming it is an incredibly simple thing that I am over complicating.

I hope that makes sense...

Regards, Tim.

3 Replies

  • I will change the if statement as follows: if { ( [string tolower [HTTP::uri]] starts_with "/myfile") }

     


  • AskF5 article K9800 seems applicable here. If the virtual server does not have a OneConnect profile and the client-side connection uses keep-alive, then every request following a successful iRule pool designation will continue to be sent to that pool.
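
A default-deny iRule that combines the points raised in this thread, added here as an example and not posted by any participant. It takes the pool name, the entry URI, the DAD path and application id 13000 from the question. It assumes these two URIs are all the public application needs, so any other path it uses (static files, form submissions) would have to be added as further cases.

```tcl
when HTTP_REQUEST {
    # Decide every request explicitly. On a keep-alive connection, a request
    # that matches no branch would otherwise follow the pool picked earlier.
    set allowed 0

    switch -- [string tolower [HTTP::path]] {
        "/myfile" {
            # Public entry point: rewrite to the static landing page.
            HTTP::path "/myfile.html"
            set allowed 1
        }
        "/pls/myenvironment/f" {
            # Collect the application id from every "p" parameter. Names are
            # decoded and lower-cased so "P=" or "%70=" cannot hide a second one.
            set apps [list]
            foreach pair [split [HTTP::query] "&"] {
                set eq [string first "=" $pair]
                if { $eq < 0 } { continue }
                set name [string tolower [URI::decode [string range $pair 0 [expr {$eq - 1}]]]]
                if { $name eq "p" } {
                    set value [URI::decode [string range $pair [expr {$eq + 1}] end]]
                    # f?p=13000:101:... -> the first colon-separated field is the app id
                    lappend apps [lindex [split $value ":"] 0]
                }
            }
            # Exactly one p parameter, and it must name the public application.
            if { [llength $apps] == 1 && [lindex $apps 0] eq "13000" } {
                set allowed 1
            }
        }
    }

    if { $allowed } {
        pool mypool
    } else {
        # Back-end applications (10000, 11000, 12000, ...) and everything
        # else under the html folder end up here.
        HTTP::respond 404 content "Page Not Found"
    }
}
```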