Forum Discussion
mister_65355
Nimbostratus
Nimbostratuslimited Web
Hi All,
I will like limited the accesses Web only for http://@IP_serveur/test/ (for example only for /test/ and /test2/)
What I can make?
Thanks
mister_65355i think a solution is:
when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/test/"}{
pool Pool1
} elseif {[HTTP::uri] starts_with "/test2/"}{
pool Pool1
}
}- mister_65355yes, There is only HTTP opened to the SERVEUR (all traffic are blocked by the firewall). also, I like filtred the traffic who can't firewall blocked but the BIG-IP can do it (filtred in level application).
then, permit only http://SERVEUR/test/ and http://SERVEUR/test2/
I don't think that the last solutions is the best!! :-) - JRahm
Admin
Adding an else condition with discard if you don't want to notify the client or reject if you do should take care of the requirement to only allow requests to the /test/ and /test2/ paths. - mister_65355l'd like optimased my iRule:
when HTTP_REQUEST {
if { [HTTP::host] == "app.example.com"}{
pool Pool1
} elseif {[HTTP::uri] contains "/test/"} {
pool Pool1
} elseif {[HTTP::uri] contains "/info/"} {
pool Pool1
} elseif {[HTTP::uri] contains "/test1/"} {
pool Pool1
} elseif {[HTTP::uri] contains "/test2/"} {
pool Pool1
} else {
reject
}
}
What can I do?
Thanks. - Your iRule is probably as optimized as you are going to get it. There are several ways you can write a iRule like this. One of them is with if/elseif's like you have it. If you want to optimize the way it is, then you'll need to look at patterns as to which URI's occur most often and move them up higher in the set of elseif's. But if you don't have that information, this is likely the best you can get.
With that said, since all of your elseif's are comparing the same value (HTTP::uri), then you can replace that section with a switch statement which is higher performing than if/elseifs. Something like this:when HTTP_REQUEST { if { [HTTP::host] == "app.example.com"}{ pool Pool1 } else { switch -glob [HTTP::uri] { "*/test/*" - "*/info/*" - "*/test1/*" - "*/test2/*" { pool Pool1 } default { reject } } } }
These two iRules should be functionally equivalent though.
Hope this helps...
-Joe - JRahmMaybe it's obvious to everyone, but I'd just like to point out that all app.example.com requests would be sent to pool1, as would all other hosts that contain those strings in the URI. It just seemed odd to me that there wouldn't be an alternative to reject for all other hosts.
- mister_65355The interest of this irule is to reject all the useless requests to Pool1.
