20-Jun-2020 04:53
Hi Community,
I am a beginner in F5 and would like your help in achieving the following:
I would like to restrict the traffic to only the following path(s):
http://hostname.mylab.com/dir1
http://hostname.mylab.com/dir2
http://hostname.mylab.com/dir3
http://hostname.mylab.com/dir4
Could you please tell me if the following iRule will work? If not, please help me in configuring this.
    when HTTP_REQUEST {
        if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir1"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir2"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir3"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::path] eq "/dir4")) } {
        } else {
            drop
        }
    }
I really appreciate your help and support in this
Kind Regards,
20-Jun-2020 17:24 - last edited on 04-Jun-2023 21:24 by JimmyPackets
    when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" -
                default { drop }
            }
        } else {
            drop
        }
    }
23-Jun-2020 03:00
Thanks Pete for the reply and your time, really appreciate it.
I have tried your solution but it doesn't seem to work.
I implemented the following, which went fine.
    when HTTP_REQUEST {
        if { (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir1"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir2"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir3"))
          or (([HTTP::host] eq "hostname.mylab.com") and ([HTTP::uri] contains "/dir4")) } {
        } else {
            drop
        }
    }
Kind Regards,
23-Jun-2020 05:21 - last edited on 04-Jun-2023 21:24 by JimmyPackets
Cool. I can see what I did wrong:
    when HTTP_REQUEST {
        if { [HTTP::host] == "hostname.mylab.com" } {
            switch -- [HTTP::path] {
                "/dir1" -
                "/dir2" -
                "/dir3" -
                "/dir4" { return }
                default { drop }
            }
        } else {
            drop
        }
    }
Otherwise, you can implement yours a bit differently:
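    when HTTP_REQUEST {
        # Glob patterns for the allowed paths
        set urls { "/dir1*" "/dir2*" "/dir3*" }
        # lsearch -glob would use the path as the pattern, so test each pattern with string match
        set allowed 0
        foreach pattern $urls {
            if { [string match $pattern [HTTP::path]] } { set allowed 1; break }
        }
        if { ([HTTP::host] ne "hostname.mylab.com") or !$allowed } {
            drop
        }
    }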
Or, if the number of URLs is likely to be large (20+), you can put them into a datagroup and match against that.
You can also implement this in an LTM policy, which would be more performant.
When testing this sort of thing it is a good idea to test with a range of different URLs and formats to check it works as expected; it is easy to find a corner case.
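
An added example, not part of any post in this thread: an offline Python model of the matching rules discussed above (exact `[HTTP::path]` match, `[HTTP::uri] contains`, and a `/dirN*` glob on the path), run over constructed request URIs to show where they disagree. The function names are hypothetical, `path_segment` is a stricter variant that does not appear in the thread, and the results should be confirmed against the iRule on the BIG-IP itself.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

ALLOWED = ["/dir1", "/dir2", "/dir3", "/dir4"]  # the four paths from the question

def exact_path(uri):
    # Models [HTTP::path] eq "/dirN": the path, without query string, must equal an entry.
    return urlsplit(uri).path in ALLOWED

def uri_contains(uri):
    # Models [HTTP::uri] contains "/dirN": substring anywhere in path or query string.
    return any(d in uri for d in ALLOWED)

def path_glob(uri):
    # Models a "/dirN*" glob against [HTTP::path]: any path that starts with an entry.
    path = urlsplit(uri).path
    return any(fnmatchcase(path, d + "*") for d in ALLOWED)

def path_segment(uri):
    # Hypothetical stricter rule: the directory itself or something beneath it.
    path = urlsplit(uri).path
    return any(path == d or path.startswith(d + "/") for d in ALLOWED)

RULES = [exact_path, uri_contains, path_glob, path_segment]

# Constructed request URIs covering the formats worth checking.
CASES = [
    "/dir1",
    "/dir1/",
    "/dir1/page.html?id=7",
    "/dir10/report",
    "/other?next=/dir2",
    "/private/dir3/file",
    "/DIR1",
    "/",
]

def matrix():
    # Map each URI to {rule name: allowed?} so differences between rules stand out.
    return {uri: {r.__name__: r(uri) for r in RULES} for uri in CASES}

if __name__ == "__main__":
    print(f"{'request URI':<24}" + "".join(f"{r.__name__:<14}" for r in RULES))
    for uri, row in matrix().items():
        print(f"{uri:<24}" + "".join(f"{'allow' if v else 'drop':<14}" for v in row.values()))
```

The rows where the columns differ are the ones to replay against the virtual server: only the exact match rejects everything below `/dir1`, and only the `contains` rule admits a request whose allowed string appears in the query string or deeper in the path.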