Forum Discussion

Haroonh's avatar
Haroonh
Icon for Nimbostratus rankNimbostratus
Jun 20, 2020

Allowing access only to specified directories (HTTP::PATH) on hosts using IRULES

Hi Community,

 

I am a beginner in F5 and would like your help in achieving the following

 

would like to restrict the traffic to only to the following path(s)

 

http://hostname.mylab.com/dir1

http://hostname.mylab.com/dir2

http://hostname.mylab.com/dir3

http://hostname.mylab.com/dir4

 

Could you please tell me if the following IRule will work if not please help me in configuring this.

 

when HTTP_REQUEST {

if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir1"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir2"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir3"))

or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir4")) } {

 

} else {

drop

}

}

 

I really appreciate your help and support in this

Kind Regards,

 

 

 

3 Replies

  • when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" -
                default { drop }
            }
        } else {
            drop
        }
    }
    • Haroonh's avatar
      Haroonh
      Icon for Nimbostratus rankNimbostratus

      Thanks Pete for the reply and your time, really appreciate it.

       

      I have tried your solution but it doesn't seem to work,

       

      I implemented the following which went fine.

       

      when HTTP_REQUEST {

      if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir1"))

      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir2"))

      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir3"))

      or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir4")) } {

       

      } else {

      drop

      }

      }

       

      Kind Regards,

  • Cool. I can see what i did wrong:

    when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" { return }
                default { drop }
            }
        } else {
            drop
        }
    }

    otherwise, you can implement yours a bit differently:

    when HTTP_REQUEST {
      set urls { "/dir1*" "/dir2*" "/dir3*" }
      if { (! [HTTP::host] eq "hostname.mylab.com") or ( ! [lsearch -glob -- $urls [HTTP::path]) } { 
        drop
      }
    }

    or if the number of URLs is likely to be a large number ( 20+ ) then you can put them into a datagroup and match against that.

    You can also implement this in an LTM policy which would be more performant.

    When testing this sort of thing it is a good idea with a range of tests for different urls and formats to check it works as expected, it is easy to find a corner case.