Jay_Christopher
Jan 26, 2006

Using an iRule to create an access control list.

Is it possible to put a list of regular expressions into a data group and use an iRule to evaluate them against a URI?

I am thinking it would look something like this:

when HTTP_REQUEST {
    if { [matchclass [HTTP::uri] equals $::uri_allow] } {
        log local0. " URL ALLOWED [HTTP::uri]"
    } else {
        log local0. "!!!! URL DENIED !!!! [HTTP::uri]"
    }
}

The list may contain things like:

^/favicon.ico$
^/images/.*\.(gif|jpg|jpeg|bmp)$
^/docs/.*\.(htm|html)$

  • Colin_Walker_12
    Historic F5 Account
    While this might be possible, I would think there would be quite a large performance penalty. Whenever you're talking about running a single regex, you're dealing with a fair amount of overhead, let alone multiple regexes on every incoming HTTP request.

    In any event, I believe it would be possible, but you'd have to create a loop in the rule to step through each member of the data group and test that against the URI individually, then move on to the next one. The matchclass command wouldn't get you there.

    -Colin
  • Actually, I got the word from one of the core developers that you cannot contain regular expressions in the datagroup in combination with matches_regex.

    But, since a data group can behave like TCL lists, you could use a foreach loop across the data group and then do a matches_regex on each member.

    -Joe
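
The loop that Colin and Joe describe, written out as an added example that is not part of the original thread. It assumes a string data group named uri_allow (the name used in the question) whose members are the regular expressions, and it reads the group as a list through $::uri_allow, as the question does.

```tcl
when HTTP_REQUEST {
    # Default deny: the request counts as allowed only if a pattern matches.
    set allowed 0

    # HTTP::uri includes the query string, so a pattern anchored at the end
    # (such as ^/favicon.ico$) does not match /favicon.ico?x=1.
    # Use [HTTP::path] here instead if only the path should be tested.
    set uri [HTTP::uri]

    # Step through each member of the data group and test it individually.
    foreach pattern $::uri_allow {
        if { $uri matches_regex $pattern } {
            set allowed 1
            # Stop at the first match so allowed requests do not pay for
            # the remaining patterns. A denied request still evaluates
            # every pattern in the list.
            break
        }
    }

    # Same logging as the rule in the question; no traffic is blocked here.
    if { $allowed } {
        log local0. " URL ALLOWED $uri"
    } else {
        log local0. "!!!! URL DENIED !!!! $uri"
    }
}
```

Note that the unescaped dot in ^/favicon.ico$ matches any character, so the pattern needs \. to match only the literal file name.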