green_frog_2046
Jul 08, 2016

irules blocking url

I'm new to iRules.

I need to have access requests to e.g. f5.com URL ending in /audio.mp3 blocked by the F5.

I've asked Mr. Google and found this link https://devcentral.f5.com/questions/how-to-block-a-specific-url but it doesn't really help. Can someone give this newbie a hand?

Are there any tools to help me check syntax, learn how to become an iRules wizard, etc.?

Thanks in advance, everybody.

11 Replies

  • Please try this iRule and use the F5 iRule Editor.

        when HTTP_REQUEST {
            # HTTP::uri includes the query string, so only URIs that literally end in /audio.mp3 match
            if { [string tolower [HTTP::uri]] ends_with "/audio.mp3" } {
                drop
            }
        }
    
    • green_frog_2046

      How do I add more than one drop? i.e. audio1.mp3, audio2.mp3, song.mp3. Do I use the OR condition?

  • Hi,

    You have the irules wiki here : https://devcentral.f5.com/wiki/irules.homepage.ashx

    You can also have a look at the LTM policies.

    Otherwise, you can use a similar irule :

        when HTTP_REQUEST {
           if { [HTTP::host] contains "f5.com" and [URI::basename [HTTP::path]] eq "audio.mp3" } {
                HTTP::respond 403 content "Access Denied" Connection Close
           }
        }
    

    I have a question regarding your post: do you want to block incoming requests from internet users to your own servers, or the opposite, use the F5 as a forward proxy and block outgoing requests to internet websites?

  • Here is a quick example of an iRule that will match the HTTP Host header (f5.com or www.f5.com) and then look for multiple files (e.g. audio.mp3, audio1.mp3, etc.)

        when HTTP_REQUEST {
            switch -glob [string tolower [HTTP::host]] {
                "f5.com" -
                "www.f5.com" {
                    switch -glob [string tolower [HTTP::path]] {
                        "*/audio.mp3" -
                        "*/audio1.mp3" -
                        "*/audio2.mp3" {
                            HTTP::respond 403 content "ACCESS Denied" Connection Close
                        }
                    }
                }
            }
        }

    Tools that I use: I currently use the F5 iRule Editor to help with creating rules. I'm currently looking at Eclipse with the F5 plugin, just haven't tried it out yet.

  • Hi,

    You can do the following :

        when HTTP_REQUEST {
            switch -glob [string tolower [HTTP::host]] {
                "f5.com" -
                "www.f5.com" {
                    switch [string tolower [URI::basename [HTTP::path]]] {
                        "audio.mp3" -
                        "audio1.mp3" -
                        "audio2.mp3" {
                            HTTP::respond 403 content "ACCESS Denied" Connection Close
                        }
                    }
                }
            }
        }
    

    You can also use a string based datagroup instead of switch commands :

        when HTTP_REQUEST {
            # class match takes an operator (here "equals") between the item and the data group name
            if { [class match [string tolower [HTTP::host]] equals CLASS_FQDN] and [class match [string tolower [URI::basename [HTTP::path]]] equals CLASS_URI_BASENAME] } {
                HTTP::respond 403 content "ACCESS Denied" Connection Close
            }
        }
    

    You just define two datagroups named CLASS_FQDN and CLASS_URI_BASENAME

    You can also choose to mix datagroup and switch command :

        when HTTP_REQUEST {
            switch -glob [string tolower [HTTP::host]] {
                "f5.com" -
                "www.f5.com" {
                    # class match takes an operator (here "equals") before the data group name
                    if { [class match [string tolower [URI::basename [HTTP::path]]] equals CLASS_URI_BASENAME] } {
                        HTTP::respond 403 content "ACCESS Denied" Connection Close
                    }
                }
            }
        }
    

    And finally, you can directly use LTM policies, which allow you to graphically configure the same rules as described above, but without iRule logic required.
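
The data-group approach from the last answer, written out as an added example that is not part of any post in this thread. It assumes the two string data groups named in the answer exist; their records, the port stripping, the URI decoding and the log line are additions made here for illustration.

```tcl
# Added example, not code from the thread.
# Assumed data groups (records are constructed samples), created with tmsh:
#   tmsh create ltm data-group internal CLASS_FQDN type string \
#       records add { f5.com { } www.f5.com { } }
#   tmsh create ltm data-group internal CLASS_URI_BASENAME type string \
#       records add { audio.mp3 { } audio1.mp3 { } audio2.mp3 { } }
when HTTP_REQUEST {
    # The Host header may carry a port ("f5.com:8080"); compare the name part only.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string, so "/media/audio.mp3?x=1" is still
    # evaluated as "audio.mp3". Decode percent-encoding before taking the
    # basename so the comparison runs on the normalized file name.
    set file [string tolower [URI::basename [URI::decode [HTTP::path]]]]

    if { [class match $host equals CLASS_FQDN] and
         [class match $file equals CLASS_URI_BASENAME] } {
        # Record the block so it can be reviewed in /var/log/ltm.
        log local0.info "blocked [IP::client_addr] -> ${host}[HTTP::path]"
        HTTP::respond 403 content "Access Denied" Connection Close
        return
    }
}
```

New file names are then added to CLASS_URI_BASENAME without editing the iRule.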