Forum Discussion
Hi James,
The provided example in K74012450 allows you to block certain URIs for external IPs. Its probable not the right (to complex) solution if you want to block access to a given URI for all clients.
Depending on how the "block" action should be you may use one of the iRule snippets below:
Intercept the Request and send HTTP 403 "Access Denied" response to the User-Agent:
Intercept the Request and send HTTP 403 "Access Denied" response to the User-Agent:
when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body><html>" "Content-Type" "text/html"
}
}
Intercept the Request and redirect the User-Agent to a custom error page or landing URL:
when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
HTTP::respond 302 "Location" "/error_page.html"
}
}
If the block list gets more complex (e.g. more entries) you may need a different technique to filter URLs. Also keep in mind that the block list in my examples are filtering request to "www100.test.com/ce*". If your web application is also accesible via lets say "https://212.212.212.212/ce" then the filtering wont work. You may need to skip checking of the HOST-Name to make the black-listing more robust...
Cheers, Kai
- JamesB12Nov 25, 2022Altocumulus
Thanks for that , Should be OK with sending
HTTP::respond 403
If i need to filter specific Source IPs say from Whitelist1 Data group allow it, block rest of it for the same URL "www100.test.com/ce". How do i match the condition with the below iRule.
when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body><html>" "Content-Type" "text/html"
}Thanks
- ScottENov 25, 2022MVP
Sounds like the piece you are looking for is a class match for the whitelist.
when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {if { [class match [IP::client_addr] equals Whitelist1] } {
log local0.info "TESTCE: Acceptable usage from [IP::remote_addr]"} else {
HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body><html>" "Content-Type" "text/html"return
}}
You can also have a pool selection with the log statement if the traffic goes to a specific pool. You can also just negate the "if" condition if you only want to action if the IP is not in the whitelist.
Scott