Paul_125684
Jul 28, 2016

Using iRule to block a URL in Virtual server but doesn't work

I created a virtual server for a web site (10.11.12.100, www.abc.com) and, using an iRule, want to block a sub-site "www.abc.com/xyz" with the iRule below, but it does not seem to work. Please advise.

 

    when HTTP_REQUEST {
        if { ( [string tolower [HTTP::path]] contains "/xyz" ) } {
            log local0. "dropped"
            HTTP::respond 200 content "URL Blocked"
        }
    }

 

9 Replies

  • it is working for me:

    curl -v http://10.3.22.85/xyz
    
    Jul 28 21:27:40 bigip-01 info tmm1[21016]: Rule /Common/irule-devcentral-test : dropped
    

    what isn't for you?

  • Hi,

    Do you have other iRules attached to your Virtual Server?

    Can you check the LTM logs in /var/log/ltm, looking for TCL errors? A typical case is when you see this kind of log:

    Operation not supported. Multiple redirect/respond invocations not allowed

      boneyard

      what does happen? if you start with a log message, is that shown? first determine the basics before trying all kinds of variations.

       


    JG

    Try this instead:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] starts_with "/xyz" } {
            # log and HTTP::respond are separate commands, one per line
            log local0. "dropped"
            HTTP::respond 200 content "URL Blocked"
            reject
        }
    }
    

    [Edit: Added reject, just for your testing]

  • Do you really want a response back? Try closing the TCP connection & disabling all events after the response is sent.

    when HTTP_REQUEST {
        if { ( [string tolower [HTTP::path]] contains "/xyz" ) } {
            log local0. "dropped"
            HTTP::respond 200 content "URL Blocked" Connection "Close"
            TCP::close
            event disable all
        }
    }
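
An added example, not part of the thread or of any poster's code: an iRule that matches /xyz on a path-segment boundary and sends exactly one response per request, which is the condition behind the "Multiple redirect/respond invocations not allowed" error quoted above. It assumes the blocked area is /xyz and everything beneath it; the 403 status, the priority value and the log text are choices made for this example.

```tcl
# Added example (not from the thread). Assumption: the area to block is
# exactly /xyz plus anything under /xyz/.

# Lower numbers run first (default is 500), so this rule decides before
# any other iRule attached to the same virtual server handles the request.
priority 100

when HTTP_REQUEST {
    set path [string tolower [HTTP::path]]

    # Segment-boundary match:
    #   contains "/xyz"    would also block /docs/xyz-notes
    #   starts_with "/xyz" would also block /xyzzy
    # Comparing against "/xyz" and the prefix "/xyz/" blocks only the
    # intended sub-site.
    if { $path eq "/xyz" || $path starts_with "/xyz/" } {
        log local0. "blocked [IP::client_addr] [HTTP::host][HTTP::path]"

        # Assumption: 403 instead of the thread's 200, so clients and
        # monitoring see the request as refused.
        HTTP::respond 403 content "URL Blocked" Connection "Close"

        # event disable applies to the whole connection, so close the
        # connection as well: otherwise later requests on the same
        # keep-alive connection would no longer be evaluated by iRules.
        TCP::close
        event disable all

        # Stop this handler so nothing below can respond a second time.
        return
    }
}
```

After attaching it, request /xyz, /xyz/page and /xyzzy and check /var/log/ltm: the first two should produce a "blocked" line and the third should not.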