For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dgytech's avatar
dgytech
Icon for Altostratus rankAltostratus
Dec 03, 2015

Nested switch in HTTP_REQUEST/ignore case

I'm trying to create an iRule that only allows specific domain/URI but also allows specific wildcard directories (i.e. "/Images*") and ignores case. Example below works great for limiting the host/U...
BIG-IP
security
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Dec 03, 2015

Hi,

the iRule below should solve it: 
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if {[string tolower [HTTP::host]] equals "xyz.com"} {
        switch -glob [string tolower [HTTP::path]] {
            "/images*" -
            "/advocateprofileservice.svc"  {
                pool xyz_pool
                return
            }
            default {
                HTTP::respond 403
                return
            }
        }
    } else {
        HTTP::respond 403
        return
    }
}

Please see the wiki pages for switch regarding the syntax details.

For testing you may want use cURL directly on your BIG-IP as follows: 
curl -v -X HEAD -H "Host: xyz.com" "http:///images/test.jpg"
curl -v -X HEAD -H "Host: xyz.com" "http:///internal/test.jpg"
curl -v -X HEAD "Host: xyz.com" "http:///advocateprofileservice.svc"
curl -v -X HEAD "Host: xyz.com" "http:///internal/advocateprofileservice.svc"

Be aware, that all changes to your iRule will affect new connections only. For testing with a browser you may want to close all open browser windows after applying a change to your iRule.

Thanks, Stephan