Forum Discussion
Help for when_http_response
when HTTP_REQUEST {
if { [HTTP::uri] equals "/a/b/main.css" } {
set log_cl 1
} else {
set log_cl 0
}
}
when HTTP_RESPONSE {
if {$log_cl}{
log local0. "CSS-DEBUG: Content-Length is [HTTP::header Content-Length]"
}
}
Aaron
- zamroni777Jan 05, 2024
MVP
instead of irules scripting, you can use gui based local traffic policy.
the managebility and performance is better than irules.- CHRISTY_THOMASJan 05, 2024
Cirrus
Hi,
thanks for the response
whether it is possible to share the LTM policy for the logic i have raised !
- zamroni777Jan 05, 2024
MVP
the gui is very simple:
- Jan 05, 2024
If you still wanted to do this with an iRule, you could do something like this:
# Create internal data groups tmsh create ltm data-group internal DG-IP-WHITELIST type ip records add { 104.123.3.1 117.23.2.1 } tmsh create ltm data-group internal DG-RESTRICTED-PATHS type string records add { /abc/update } # iRule when HTTP_REQUEST { set DEBUG 1 set DEFAULT_POOL [LB::server pool] set HOST [string tolower [HTTP::host]] set PATH [HTTP::path] set CLIENT_IP [IP::client_addr] if { [class match -- $PATH contains DG-RESTRICTED-PATHS] } { if { [class match -- $CLIENT_IP equals DG-IP-WHITELIST] } { if { $DEBUG } { log local0. "$CLIENT_IP has been granted access to $HOST with path $PATH" } pool $DEFAULT_POOL } else { if { $DEBUG } { log local0. "$CLIENT_IP has been refused access to $HOST with path $PATH" } reject } } }
- CHRISTY_THOMASJan 05, 2024
Cirrus
hi,
what about below irule: whether it will meet the requirement:
when HTTP_REQUEST {
if{[HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::addr [IP::client_addr] equals 117.23.2.1]}
else{
reject
}
- Jan 05, 2024
Could you confirm whether source IPs 104.123.3.1 and 117.23.2.1 should be *allowed* to access path "/abc/update". Or should they be denied?
Recent Discussions
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com