Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Allowing access only to specified directories (HTTP::PATH) on hosts using IRULES

Haroonh
Nimbostratus
Nimbostratus

‎20-Jun-2020 04:53

Hi Community,

 

I am a beginner in F5 and would like your help in achieving the following

 

would like to restrict the traffic to only to the following path(s)

 

http://hostname.mylab.com/dir1

http://hostname.mylab.com/dir2

http://hostname.mylab.com/dir3

http://hostname.mylab.com/dir4

 

Could you please tell me if the following IRule will work if not please help me in configuring this.

 

when HTTP_REQUEST {

if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir1"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir2"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir3"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir4")) } {

 

} else {

drop

}

}

 

I really appreciate your help and support in this

Kind Regards,

 

 

 

Labels:
0 Kudos
3 REPLIES 3

PeteWhite
F5 Employee
F5 Employee

‎20-Jun-2020 17:24 - last edited on ‎04-Jun-2023 21:24 by Fog 

when HTTP_REQUEST {
    if { [HTTP::host] == "hostname.mylab.com" } {
        switch -- [HTTP::path] {
            "/dir1" -
            "/dir2" -
            "/dir3" -
            "/dir4" -
            default { drop }
        }
    } else {
        drop
    }
}
0 Kudos

Haroonh
Nimbostratus
Nimbostratus
In response to PeteWhite

‎23-Jun-2020 03:00

Thanks Pete for the reply and your time, really appreciate it.

 

I have tried your solution but it doesn't seem to work,

 

I implemented the following which went fine.

 

when HTTP_REQUEST {

if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir1"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir2"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir3"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir4")) } {

 

} else {

drop

}

}

 

Kind Regards,

0 Kudos

PeteWhite
F5 Employee
F5 Employee

‎23-Jun-2020 05:21 - last edited on ‎04-Jun-2023 21:24 by Fog

Cool. I can see what i did wrong:

when HTTP_REQUEST {
    if { [HTTP::host] == "hostname.mylab.com" } {
        switch -- [HTTP::path] {
            "/dir1" -
            "/dir2" -
            "/dir3" -
            "/dir4" { return }
            default { drop }
        }
    } else {
        drop
    }
}

otherwise, you can implement yours a bit differently:

when HTTP_REQUEST {
  set urls { "/dir1*" "/dir2*" "/dir3*" }
  if { (! [HTTP::host] eq "hostname.mylab.com") or ( ! [lsearch -glob -- $urls [HTTP::path]) } { 
    drop
  }
}

or if the number of URLs is likely to be a large number ( 20+ ) then you can put them into a datagroup and match against that.

You can also implement this in an LTM policy which would be more performant.

When testing this sort of thing it is a good idea with a range of tests for different urls and formats to check it works as expected, it is easy to find a corner case.

0 Kudos
Copyright © 2023 Khoros, LLC