Forum Discussion
Need help on i-rule to specific uri path
Sanjay and Aaron, thanks for your input.v I'm getting a little closer. On the initial HTTP GET request this i-rule is working. However, when the testers attempt a POST, they error out with the insecure message.
I have pasted the new i-rule below. I also added logging to find out why the connection is getting reset.
The output of the log is also below the i-rule. It is the result of running a tail. It is run, greping the i-rule.
tail -f /var/log/ltm | grep /Common/Boomi_external_redirect
Thanks for your input so far, we're close.
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals Boomi_external] } {
pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
}
}
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri -normalized]] {
"/ws/rest/external*" {
if { [class match [IP::client_addr] equals Boomi_external] } {
pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
} else {
reject
} log local0. "HTTP::reject_reason"
} default {
log local0. "HTTP Headers = [HTTP::host], [HTTP::uri]"
}
}
}
OUTPUT OF THE ERROR:
May 23 09:22:41 bigip1.lanl.gov err tmm1[22445]: 01220001:3: TCL error: /Common/Boomi_external_redirect <HTTP_REQUEST> - wrong # args: extra words after "else" clause in "if" command while compiling "if { [class match [IP::client_addr] equals Boomi_external] } { pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool } else { reject ..." ("/ws/rest/external/*" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri -normalized]] { "/ws/rest/external/*" { if { [class match [IP::client_addr] equals Boomi_..."
Please don't complicate iRule by adding client_accepted event and syntaxes like HTTP::reject_reason or HTTP::has_responded. Please use the iRule posted earlier. Please take default action as appropriate in your case.
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri -normalized]] {
"/ws/rest/external*"
{
if { [class match [IP::client_addr] equals Boomi_external] } {
pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
} else {
log local0. "rejected access to /ws/rest/external for [IP::client_addr]"
drop
}
} default {
return
}
}
}
For insecure errors, please check the SSL certificate is correctly added to your clientssl profile, it's trusted by the client and has correct intermediate cert associated with it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com