For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rgk_76855's avatar
rgk_76855
Icon for Nimbostratus rankNimbostratus
Feb 25, 2010

LTM for URL/URI Filtering only (Very Urgent)

Dear All,     For URL filtering, please find attached customer's test case I have created where I want to use LTM non-inline and will send the Youtube traffic of 95 Mbps on LTM using PBR. ...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 26, 2010
Conceptually, this seems possible to do with an iRule as long as the core router knows to route the requests but not the responses to LTM. Have you tried testing it? You'd need to configure a standard 0.0.0.0/0.0.0.0 port 80 VIP with an HTTP profile in order to use the iRule on all requests. Also, you might want to set the host to lower case before checking it in the datagroup:

 

 

if {[matchclass [string tolower [HTTP::host]] equals PTA_Blocked_list]}{

 

 

You'd potentially need to handle IP addresses as well--else clients could use the IP and bypass the filtering.

 

 

If you want to do the same validation for HTTPS traffic, you'd need a cert which the browsers accept for all external sites. You could add that to another 0.0.0.0/0.0.0.0 port 443 VIP with a client and server SSL profile added.

 

 

Aaron