Forum Discussion
need help to simple redirect and whitelist of uri
hi out there I have a few small problems whereto I need a bit help - first I need to ensure that when a client visits a given site he will be directed to only one uri - eg:
external is we launching https://front-site.dk which internally connects to http://web01.internal.local/webconnect
second I need to ensure that only a given set of uri's can be accessed - eg:
https://front-site.dk/webservice1.aspx https://front-site.dk/webservice2.aspx but not f.ex webservice3.aspx
I have tried to look at a solution offered to one here which where running on a ltm 9.x - we have 11.3 - but I have some problems with getting the syntax correct for the datagroups - can you try to show me a simple sample? I have been looking at the fields offred in the http-profile for uri's - can this be used for this? And if so - how?
best regards /ti
3 Replies
- Kevin_Stewart
Employee
Try this:
(string-based) Date group:
ltm data-group internal my_allowed_uris { records { /webservice1.aspx { } /webservice2.aspx { } } }iRule:
when HTTP_REQUEST { if { ( [HTTP::uri] equals "/" ) or ( [class match [string tolower [HTTP::uri]] starts_with my_allowed_uris] ) } { if { [HTTP::uri] equals "/" } { HTTP::uri "/webconnect" } return } else { reject } } - tiwang
Nimbostratus
hi Again
thanks kevin - looks as if it Works fine - could I achive the same result through defining a custom httpclass for this vs and here define the uri's in? or do I miss the flexibility in the datagroup tables then?
best regards /ti
- Kevin_Stewart
Employee
could I achive the same result through defining a custom httpclass
Yes you could, but I don't think it'd be any less complex.
1st httpclass: "root"
- URI Paths: Match Only
- URI Pattern: /
- Entity Type: Pattern String
- Send to: None
- Rewrite URI: /webconnect
2nd httpclass: "webservice"
- URI Paths: Match Only
- URI Pattern: /webservice1.aspx
- URI Pattern: /webservice2.aspx
- Entity Type: Pattern String
- Send to: None
- Rewrite URI: Empty
3rd httpclass: "all-others"
- URI Paths: Match All
- Send to: Redirect to
- Redirect to: Location: [some arbitrary URI]
These HTTP classes would need to be in this order applied to the VIP, and you can't drop a request like you can in the iRule, so you'd most likely have to redirect the user to something.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com