Forum Discussion
NimbostratusSome URI bypass iRule.
I have a simple iRule that checks the User-Agent string in the HTTP header and matches against a data group list. The purpose is to block web crawlers from crawling our websites.
when HTTP_REQUEST {
if {[class match [HTTP::header "User-Agent"] contains "list_of_crawlers"]} {
only enable log local0. for troubleshooting
log local0. "[HTTP::host] [HTTP::uri] connection dropped from [IP::client_addr]"
reject
return
}
}
This iRule works when going to the main URL, i.e .
However, if I start with or (APM), it seems to bypass the iRule and display the page (in help.html) or error (when accessing my.policy).
Granted, these are F5 elements (files in hosted content or APM), but I would expect the rule to still work.
Is that by design?
4 Replies
m_soeYou might want to take a look at this article:
https://devcentral.f5.com/articles/http-event-order-access-policy-manager
It says:
"For APM internal URIs, like /my.policy and /my.logout, the HTTP_REQUEST/HTTP_RESPONSE events don’t fire as you would expect beginning in v11.x. The traditional method to work around this (and other module complexities) is to use the vip targeting vip configuration"
C_KimThat makes sense. Thanks for the clarification!
mike_246361You might want to take a look at this article:
https://devcentral.f5.com/articles/http-event-order-access-policy-manager
It says:
"For APM internal URIs, like /my.policy and /my.logout, the HTTP_REQUEST/HTTP_RESPONSE events don’t fire as you would expect beginning in v11.x. The traditional method to work around this (and other module complexities) is to use the vip targeting vip configuration"
- C_Kim
That makes sense. Thanks for the clarification!
