Selective Access within Application via iRule

Question

Greetings, iRule experts!&nbsp;
I'm trying to block access to certain pages within application using data group but can't make it work. The problem is that blocked and accessible pages are located under the same /Application. Example, URI /Application/Administration/Index.aspx must be blocked, whereas URI /Application/PasswordReset/Index.aspx should be accessible. Another difficulty is that every page has multiple page objects (.js, .css, etc.). &nbsp;
What would be best solution for this? Many thanks!&nbsp;

andos · Answer

You could use an irule.
If everything under say /Application/Administration/ should be blocked and /Application/PasswordReset/ should be allowed then perhaps the irule in this thread might be what you are after.
https://devcentral.f5.com/questions/block-url-49989
Just have your datagroup as
class blockthis {
    "/application/administration/"
    "/application/anotherblocked/"
}

and change equals to starts_with in the evaluation
when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::uri]] starts_with blockthis] } {
        drop
   }
}

/Andreas

nick_palmer_f5 · Answer

Hi Andreas, and thanks for your comment! My issue was CaSe SensiTive. I went with data group and string tolower.&nbsp;

Forum Discussion

Selective Access within Application via iRule

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Selective mutual authentication by HTTP::Host

No more http Portal Access

Selective SNAT problem

Optimize access to GIS applications

APM access policy in non Comon partition - not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS