Forum Discussion
jokragly
Nimbostratus
NimbostratusNeed assistance creating iRule to restrict or allow specific URLs
For instance we have an iRule that does a simple http to https redirect, now we need to restrict that you can only hit https://mysite.com/analytics and nothing else
we need an implicit Deny except if you match the URL above
when HTTP_REQUEST { if {[HTTP::host] eq "test.mysite.com" } { if { ([HTTP::path] starts_with "/analytics") or ([HTTP::path] eq "/") } { return } else { HTTP::respond 200 content "ErrorError No Access to: [HTTP::uri]" } }}
3 Replies
hoolioCirrostratus
It would be simplest if you configured one HTTP VS and one HTTPS VS. You could then redirect all requests to the HTTP VS to HTTPS using an iRule like this:when HTTP_REQUEST { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri] }
You can use a separate iRule for the HTTPS VS to only allow access to the /analytics URI:when HTTP_REQUEST { Check if URI is not exactly /analytics if {not ([HTTP::uri] eq "/analytics")}{ reject } }
Aaron
Michael_YatesHere is an example that you can apply to both your HTTP and HTTPS Virtual Servers.
If it is not HTTPS, then it will redirect to HTTPS.
If the [HTTP::host] does not match exactly or the [HTTP::uri] does not start with "/analytics" then it will do one of actions I have commented out. You could choose the best action for your situation and alter it to your needs.when HTTP_REQUEST { if { [TCP::local_port] != "443" } { HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" } if { !([HTTP::host] equals "mysite.com") or !([HTTP::uri] starts_with "/analytics") } { HTTP::respond 403 HTTP::redirect http://www.google.com HTTP::respond 301 Location "http://www.google.com" HTTP::respond 200 content "ErrorError No Access to: [HTTP::uri]" drop reject } }- jokraglyThank you for the suggestions gentleman, I will give this a try.
