Forum Discussion
NimbostratusNeed help to whitelist URI's
MVPAbove iRule is correct, You can remove the statement which is creating issue.
If i will be at you place then can try negative scenario and short irule for fun. You can try to use URI_DB class to add and remove the URI.
when HTTP_REQUEST {
if { !([class match [IP::client_addr] equals internal_subnets]) && ([class match [HTTP::uri] starts_with URI_DB) } {
HTTP::redirect "http://app.com/sorry.html"
}
else {
pool app_80_pool
}
}Add the all uri in URI_DB
"/sorry.html"
"/foo/combined.js*"
"/foo/css/*"
"/foo/desktopreset"
Please tune iRule per requirements.
Thanks
NimbostratusI really appreciate your suggestion. If I understand your iRule correctly, our external users will be having trouble getting to those specific URI's inside the URI_DB, which is not what I want. Let me try to explain my end game here.
- There will be no restrictions to access the app for internal users whatsoever. We use source IP addresses to identify them.
- External users can only have access to a small subset of the app with some restrictions. They will be allowed to access only the URI's defined under the "switch -glob" inside the iRule (i.e. those /foo/....URI's you see in the original post) and they are also allowed access the main page "app.com"
- Finally, if the external users try to access stuff that are not allowed, we want to send them to the sorry.html page.
This is essentially like if you're inside my house, you can use whatever stuff you want. If you're outside, you can only use my bucket and shovel. If you try to borrow something else, I'm sorry. :)
I couldn't get the last condition to work.
