Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

dgytech's avatar
dgytech
Icon for Altostratus rankAltostratus
Dec 03, 2015

Nested switch in HTTP_REQUEST/ignore case

I'm trying to create an iRule that only allows specific domain/URI but also allows specific wildcard directories (i.e. "/Images*") and ignores case. Example below works great for limiting the host/U...
big-ip
security
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Dec 03, 2015

Hi,

the iRule below should solve it: 
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if {[string tolower [HTTP::host]] equals "xyz.com"} {
        switch -glob [string tolower [HTTP::path]] {
            "/images*" -
            "/advocateprofileservice.svc"  {
                pool xyz_pool
                return
            }
            default {
                HTTP::respond 403
                return
            }
        }
    } else {
        HTTP::respond 403
        return
    }
}

Please see the wiki pages for switch regarding the syntax details.

For testing you may want use cURL directly on your BIG-IP as follows: 
curl -v -X HEAD -H "Host: xyz.com" "http:///images/test.jpg"
curl -v -X HEAD -H "Host: xyz.com" "http:///internal/test.jpg"
curl -v -X HEAD "Host: xyz.com" "http:///advocateprofileservice.svc"
curl -v -X HEAD "Host: xyz.com" "http:///internal/advocateprofileservice.svc"

Be aware, that all changes to your iRule will affect new connections only. For testing with a browser you may want to close all open browser windows after applying a change to your iRule.

Thanks, Stephan