For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

green_frog_2046's avatar
green_frog_2046
Icon for Nimbostratus rankNimbostratus
Jul 08, 2016

irules blocking url

Im new to irule   I need to have access requests to e.g. f5.com URL ending in /audio.mp3 blocked by the F5.   Ive asked mr google and found this link https://devcentral.f5.com/questions/how-to...
application delivery
iRules
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Jul 11, 2016

Hi,

You can do the following : 

when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "f5.com" -
            "www.f5.com" {
                switch [string tolower [URI::basename [HTTP::path]]] {
                    "audio.mp3" -
                    "audio1.mp3" -
                    "audio2.mp3" {
                        HTTP::respond 403 content "ACCESS Denied" Connection Close
                    }
                }
            }
          }
}

You can also use a string based datagroup instead of switch commands : 

when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::host]] CLASS_FQDN] and [class match [string tolower [URI::basename [HTTP::path]]] CLASS_URI_BASENAME] } {
        HTTP::respond 403 content "ACCESS Denied" Connection Close
    }
}

You just define two datagroups named CLASS_FQDN and CLASS_URI_BASENAME

You can also choose to mix datagroup and switch command : 

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::host]] {
        "f5.com" -
        "www.f5.com" {
            if { [class match [string tolower [URI::basename [HTTP::path]]] CLASS_URI_BASENAME] } {
                HTTP::respond 403 content "ACCESS Denied" Connection Close
            }
        }
    }
}

And finally, you can use directly LTM policies that allow you to graphically configure the same rules as described above, but without irule logic required.