Forum Discussion
iRule
Cirrus
CirrusNeed to restrict access to URLs
Hello team,
I have a new https://xyz.com that needs to be published to internet. We are planning to launch its services in phases.
For 1st phase I have received set of 29 URI paths (These are wildcard URI path i.e https://xyz.com/asdf/xyz/morning*) that needs to be accessible from internet public IPv4 & public IPv6 IPs.
Any other URI paths than these 29 paths should be redirected to https://oldapplication.com when accessed from internet public IPv4 & public IPv6 IPs.
Access to https://xyz.com from internal organization private IPs should be accessible without any URI path restriction.
Please inform how I can achieve above requirement using iRule or LTM policy or WAF.
Thanks in advance
- Paulius
MVP
iRule What would you like the action to be if the request to the virtual server (VS) isn't xyz.com? If you want it to just go to the default pool associated to the VS then the following iRule should work for your purposes. Please keep in mind that you will have to be performing SSL termination on this VS otherwise you will not be able to do anything with the HTTPS traffic at the HEADER level. Additionally, you will need to create two data-groups, one for your companies private IP space and the other with the 29 URI paths without the * at the end. The data-groups are called CLASS-private_net for the private IP space and the other is CLASS-xyz.com for the URI paths for xyz.com.
when CLIENT_ACCEPTED priority 500 { set DEFAULT_POOL [LB::server pool] } when HTTP_REQUEST priority 500 { set URI [string tolower [HTTP::uri]] if { [HTTP::host] == "xyz.com" } { if { [class --match [IP::client_addr] equals CLASS-private_net] } { ${DEFAULT_POOL} } elseif { !([class --match ${URI} starts_with CLASS-xyz.com]) } { HTTP::respond 301 Location "https://https://oldapplication.com/${URI}" } } else { $DEFAULT_POOL } } - JRahm
Admin
How the heck did "iRule" as a username last until 2020!! Nice pick...
