
david_blake_230
Oct 23, 2015

Trying to Block a small group of pages using an iRule

Hello all, new to the F5 world, attempting to write my first iRule. We need an iRule to block a handful of pages. This is the iRule we built, and it would not let us in through the F5 once we attached the iRule to a virtual server.

Second attempt

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri ]] {
            "/apscript.html" - "/appdet.html" {
                reject
            }
            default {
                return
            }
        }
    }

First attempt

    when HTTP_REQUEST {
        switch [string tolower [HTTP::uri ]] {
            "/apscript.html" - "/appdet.html" - "/aplogon.html" {
                drop
            }
        }
    }

We are running version 11 of F5; we want to drop the 2 pages and allow everything else through.

 

9 Replies

  • Almost there.

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/apscript.html" - "/appdet.html" {
                reject
            }
            default {
                return
            }
        }
    }
    
    • david_blake_230
      I need to add a condition to block "/webtools/*". How can that be accomplished?
    • Brad_Parker_139
      Just add it like this:

          when HTTP_REQUEST {
              switch -glob [string tolower [HTTP::uri]] {
                  "/apscript.html" - "/appdet.html" {
                      reject
                  }
                  "/webtools/*" {
                      # do something
                  }
                  default {
                      return
                  }
              }
          }

    • Brad_Parker_139
      Or, if you are just wanting it to reject like the other two:

          when HTTP_REQUEST {
              switch -glob [string tolower [HTTP::uri]] {
                  "/apscript.html" - "/appdet.html" - "/webtools/*" {
                      reject
                  }
                  default {
                      return
                  }
              }
          }

  • You were quite close. Try the code below.

    Cause:

    Your [HTTP::uri] function had an unnecessary appendix.

    Mere recommendations:

    The [HTTP::path] function will suffice here.

    The -glob flag in the switch statement is not required since you don't have any specific expressions such as wildcard symbols.
     

    when HTTP_REQUEST {
    
      switch [string tolower [HTTP::path]] {
        "/apscript.html" -
        "/appdet.html" {
          drop
        } default {
          return 
        }
      }
    
    }
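
An added example, not from any poster in this thread: a plain Tcl script for tclsh (not an iRule) that replays constructed request URIs through the thread's switch patterns, once against the full URI and once against the path only. `path_of` is a hypothetical stand-in for [HTTP::path], and `decide` returns a string instead of calling reject or drop; the point it shows is that [HTTP::uri] includes the query string while [HTTP::path] does not, so the two columns can disagree.

```tcl
# Added example: run with tclsh on a workstation, not on the BIG-IP.

# Hypothetical stand-in for [HTTP::path]: the URI with any query string removed.
proc path_of {uri} {
    set q [string first "?" $uri]
    if {$q < 0} { return $uri }
    return [string range $uri 0 [expr {$q - 1}]]
}

# The switch patterns from the thread, applied to an arbitrary string.
# Returns "reject" or "allow" so the decision can be printed and compared.
proc decide {value} {
    switch -glob -- [string tolower $value] {
        "/apscript.html" -
        "/appdet.html" -
        "/webtools/*" { return "reject" }
        default       { return "allow" }
    }
}

# Constructed sample requests: exact pages, mixed case, a query string,
# a page under /webtools/, the bare /webtools directory, and an unrelated page.
set samples {
    /apscript.html
    /APPDET.HTML
    /appdet.html?id=1
    /webtools/admin.html
    /webtools
    /index.html
}

puts [format "%-24s %-10s %-10s" "request" "on uri" "on path"]
foreach uri $samples {
    puts [format "%-24s %-10s %-10s" $uri [decide $uri] [decide [path_of $uri]]]
}
```

Add the URIs your application actually serves to `samples` before attaching a rule to a virtual server, and compare both columns for every page you intend to block.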