Forum Discussion

Altostratus

Dec 03, 2015

Nested switch in HTTP_REQUEST/ignore case

I'm trying to create an iRule that only allows specific domain/URI but also allows specific wildcard directories (i.e. "/Images*") and ignores case. Example below works great for limiting the host/U...

BIG-IP

security

StephanManthey

Nacreous

Dec 03, 2015

Hi,

the iRule below should solve it:

when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if {[string tolower [HTTP::host]] equals "xyz.com"} {
        switch -glob [string tolower [HTTP::path]] {
            "/images*" -
            "/advocateprofileservice.svc"  {
                pool xyz_pool
                return
            }
            default {
                HTTP::respond 403
                return
            }
        }
    } else {
        HTTP::respond 403
        return
    }
}

Please see the wiki pages for switch regarding the syntax details.

For testing you may want use cURL directly on your BIG-IP as follows:

curl -v -X HEAD -H "Host: xyz.com" "http:///images/test.jpg"
curl -v -X HEAD -H "Host: xyz.com" "http:///internal/test.jpg"
curl -v -X HEAD "Host: xyz.com" "http:///advocateprofileservice.svc"
curl -v -X HEAD "Host: xyz.com" "http:///internal/advocateprofileservice.svc"

Be aware, that all changes to your iRule will affect new connections only. For testing with a browser you may want to close all open browser windows after applying a change to your iRule.

Thanks, Stephan

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)