Forum Discussion
Jay_Henriques_1
Nimbostratus
NimbostratusMultiple redirect/respond invocations not allowed
I've been seeing these errors in our ltm log:
Rule LockdownExternalAccessToDIsney HTTP_REQUEST: blocked request for /en/tools/players/edit_player.php?player_id=78745123 by 112.205.165.29
...
hoolio
Cirrostratus
CirrostratusThe downside to disabling the HTTP_REQUEST event is that the iRule event would no longer trigger for the duration of the TCP connection. As both rules are related, it would be better to combine them.
Do you want to block all requests from clients not in the datagroup and redirect all others to https? If so, here is an example:
when HTTP_REQUEST {
if { not [ matchclass [ IP::client_addr] equals Disney_Public_Source_Addresses ) } {
log local0. "blocked request for [HTTP::uri] by [IP::client_addr]"
HTTP::respond 403
} else {
HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
}
If you want to keep the two rules separate, you could use a local variable to track whether a prior iRule has already issued a redirect:
rule 1
when HTTP_REQUEST {
Check if a redirect has not already been issued
if {not ([info exists redirected] and $redirected==1)}{
Check if we want to send a redirect
if { $some_logic==1}{
Send a redirect
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
Track that a redirect has been sent
set redirected 1
}
}
}
rule 2
when HTTP_REQUEST {
Check if a redirect has not already been issued
if {not ([info exists redirected] and $redirected==1)}{
if { $some_other_logic==1}{
Send a redirect
HTTP::respond 403
Track that a redirect has been sent
set redirected 1
}
}
}
Aaron
