Nested switch in HTTP_REQUEST/ignore case

Question

I'm trying to create an iRule that only allows specific domain/URI but also allows specific wildcard directories (i.e. "/Images*") and ignores case.  Example below works great for limiting the host/URI and ignoring case but switch does not work.  I hope I can explain this clearly...
so my end goal would basically be...
https://XYZ.com/advocateprofileservice.svc = pool
https://XYZ.com/AdvocateProfileService.svc = pool
https://XYZ.com/internal/advocateprofileservice.svc = 403
https://XYZ.com/internal/AdvocateProfileService.svc = 403
https://XYZ.com/Images/test.jpg = PASS (currently not working)
https://XYZ.com/internal/Images/test.jpg = 403 (currently not working)
all else = 403
=====EXAMPLE=====
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
switch [HTTP::host] {
"XYZ.com" {
switch -glob [HTTP::uri] {

"/Images*" {

pool XYZ_pool}

}
}
}
if { [HTTP::host] equals "XYZ.com" and $uri equals "/advocateprofileservice.svc" or
   [HTTP::host] equals "XYZ.com" and $uri equals "/advocateprofileservice.svc?singlewsdl" or

[HTTP::host] equals "XYZ.com" and $uri equals "/advocateservice.svc"} {

pool XYZ_pool

}  elseif {[HTTP::host] equals "XYZ.com"} {
HTTP::respond 403

}
}

stephanmanthey · Answer

Hi,
the iRule below should solve it:
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if {[string tolower [HTTP::host]] equals "xyz.com"} {
        switch -glob [string tolower [HTTP::path]] {
            "/images*" -
            "/advocateprofileservice.svc"  {
                pool xyz_pool
                return
            }
            default {
                HTTP::respond 403
                return
            }
        }
    } else {
        HTTP::respond 403
        return
    }
}

Please see the wiki pages for switch regarding the syntax details.
For testing you may want use cURL directly on your BIG-IP as follows:   
curl -v -X HEAD -H "Host: xyz.com" "http:///images/test.jpg"
curl -v -X HEAD -H "Host: xyz.com" "http:///internal/test.jpg"
curl -v -X HEAD "Host: xyz.com" "http:///advocateprofileservice.svc"
curl -v -X HEAD "Host: xyz.com" "http:///internal/advocateprofileservice.svc"

Be aware, that all changes to your iRule will affect new connections only. For testing with a browser you may want to close all open browser windows after applying a change to your iRule.
Thanks, Stephan

Forum Discussion

Nested switch in HTTP_REQUEST/ignore case

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Question about adding VEs to existing physical appliance device group without ASM licenses

What is the best practice for migrating from iseries to rseries?

BIG-IP i11000 – License compatibility with TMOS versions above 14.1.2 and Web GUI inaccessible

Related Content

Intermediate iRules: Nested Conditionals

BotPoke Scanner Switches IP

Achieving Low Latency and Resiliency with F5 Distributed Cloud CE and Arista Switch

SSL Orchestrator Use Case: Inbound SNI Switching

Help with irule using switch

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS