Forum Discussion

sbrudolf1_14757's avatar
sbrudolf1_14757
Icon for Nimbostratus rankNimbostratus
May 22, 2014

Trouble with Exclusion URI iRule

I am trying to write an iRule that disabled APM if it see's a uri and does not see a session already exists. I have a working iRule of the opposite but i can't seem to get this working properly. Did ...
application delivery
BIG-IP Access Policy Manager (APM)
design
devops
iRules
security
  • Cory_50405's avatar
    Cory_50405
    May 27, 2014

    Your latest iRule contains a capital letter in your match string. It'll never match since you are converting to lower case before comparison.

     

Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
May 23, 2014

Try this instead


when HTTP_REQUEST {
    if { ( [string tolower [HTTP::uri]] starts_with /uri1* ) and not ( [HTTP::cookie exists MRHSession] ) } {
        ACCESS::disable
    } else {
        ACCESS::enable
        return
    } 
}

or try this using the sexy switch instead of if. It is way hotter and more performant


switch -glob [string tolower [HTTP::uri]] {
   /uri1* { if { [HTTP::cookie exists MRHSession] } { 
               ACCESS::enable
               return
            } else {
               ACCESS::disable
            }
          }
}

You could also swith the if to the negative/unless form if it is logically needed in the switch

Hope this helps