For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gill_32697's avatar
Gill_32697
Icon for Nimbostratus rankNimbostratus
Dec 03, 2013

redirect to 403 page error

Using the irule below.Instead of the client getting a blank page, I'd like to redirect them or dispay a 403 page error. Where in this irule would I add that. Uswhen HTTP_REQUEST {

 

if { ( [string tolower [HTTP::uri]] starts_with "/books" ) } { if { not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or not ( [IP::addr [IP::client_addr] equals "66.77.88.99"] or not ( [IP::addr [IP::client_addr] equals "77.88.99.10"] ) } { HTTP::redirect "https://[HTTP::host]/" } } }

 

6 Replies

  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2013

    Could you tell us under which condition you'd like to redirect your client ?

     

    Remember to paste code with a tabulation at the beginning of the line, it will easier to read it.

     

  • Gill_32697's avatar
    Gill_32697
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2013

    If the client uri starts with /books, but is not from one of these 3 ip's then they are denied access to page. currently they get a white blank page. We would like the browser to return a 403 page error. So Here is the logic...

     

    Vip ip/dns name is //mystore.com If client is going to //mystore.com - then allow If client is going to //mystore.com/books and src ip is one of the 3 ip's - then all.

     

    anything else gets the 403...

     

    So far looks to be working for //mystore.com clients, we are waiting for /books src ip's to test. Currently if client is //mystore/books and not the src IP's, they get a blank page, that's good but would like the 403 page.

     

    when HTTP_REQUEST {

     

    if { ( [string tolower [HTTP::uri]] starts_with "/books" ) } { if { not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or not ( [IP::addr [IP::client_addr] equals "66.77.88.99"] or not ( [IP::addr [IP::client_addr] equals "77.88.99.10"] ) } { HTTP::redirect "https://[HTTP::host]/" } } }

     

  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2013

    Could you please add a tabulation or do ctrl+k when you insert code ?

     

    Your iRule should work, but it can be improved by using a datagroup instead of multiple single IPs.

     

  • Gill_32697's avatar
    Gill_32697
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2013

    Thanks, but Im not getting a 403 message. I just get a blank page, how do I get 403 display on the page.

     

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Dec 03, 2013

    Gilbert

    You can use the HTTP::respond command.HTTP::respond wiki

    So something like:

    HTTP::respond 403 content {Blocked!}

    Hope this helps, N