Forum Discussion

iRule's avatar
iRule
Icon for Cirrus rankCirrus
Dec 03, 2024

Need to restrict access to URLs

Hello team, I have a new https://xyz.com that needs to be published to internet. We are planning to launch its services in phases.   For 1st phase I have received set of 29 URI paths (These are wi...
adc
application delivery
iRules
LTM
waf
Paulius's avatar
Paulius
Icon for MVP rankMVP
Dec 04, 2024

iRule What would you like the action to be if the request to the virtual server (VS) isn't xyz.com? If you want it to just go to the default pool associated to the VS then the following iRule should work for your purposes. Please keep in mind that you will have to be performing SSL termination on this VS otherwise you will not be able to do anything with the HTTPS traffic at the HEADER level. Additionally, you will need to create two data-groups, one for your companies private IP space and the other with the 29 URI paths without the * at the end. The data-groups are called CLASS-private_net for the private IP space and the other is CLASS-xyz.com for the URI paths for xyz.com.

when CLIENT_ACCEPTED priority 500 {

    set DEFAULT_POOL [LB::server pool]

}

when HTTP_REQUEST priority 500 {

    set URI [string tolower [HTTP::uri]]

    if { [HTTP::host] == "xyz.com" } {
        if { [class --match [IP::client_addr] equals CLASS-private_net] } {
            ${DEFAULT_POOL}
        } elseif { !([class --match ${URI} starts_with CLASS-xyz.com]) } {
            HTTP::respond 301 Location "https://https://oldapplication.com/${URI}"
        }
    } else {
        $DEFAULT_POOL
    }

}