Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Blocking an URI wildcard to a specific Hostname and using an header

FaresB
Nimbostratus
Nimbostratus

‎22-Apr-2020 02:59

Hi,

 

I'm trying to block wildcard " /* "but I need to allow access to " /pathA/* " and " /pathB/* " from a specific hostname, I need also to block these paths in the "Referer" header.

 

Basically, every access to " /* " should be rejected exept paths containing keyworld "pathA" and "pathB".

 

I have tried this iRULE but it seems to not work:

 

when HTTP_REQUEST {

 if { ([string tolower [HTTP::host]] contains "myhostname.society.com") && (![HTTP::uri] contains "/pathA" || ![HTTP::uri] contains "/pathB")} {

   HTTP::respond 403

 }

   elseif { ((![HTTP::header "Referer"] contains "/pathA") || (![HTTP::header "Referer"] contains "/pathB")) }

   {

 HTTP::respond 403

}

}

 

Can you help me ?

 

regards

Labels:
0 Kudos
2 REPLIES 2

cjunior
Nacreous
Nacreous

‎22-Apr-2020 15:14 - last edited on ‎04-Jun-2023 21:29 by Fog

Hello,

According to my understanding, could be this:

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] contains "myhostname.society.com" && !( [HTTP::uri] contains "/pathA" || [HTTP::uri] contains "/pathB" || [HTTP::header Referer] contains "/pathA" || [HTTP::header Referer] contains "/pathB" ) } {
        HTTP::respond 403
    }
}

as well this one:

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] contains "myhostname.society.com" } {
        switch -glob [HTTP::path][HTTP::header Referer] {
            "*/pathA*" -
            "*/pathB*" { }
            default { HTTP::respond 403 }
        }
    }
}

I hope it helps.

0 Kudos

FaresB
Nimbostratus
Nimbostratus

‎23-Apr-2020 02:21

Nevermind, Actually this iRULE seems to be ok !!

 

I used only this one on my VS and everything looks fine ,

the condition    switch -glob [HTTP::path][HTTP::header Referer] is perfect in my case !!

 

Thanks you cjunior !!

Here the solution worked on my case:

 

when HTTP_REQUEST {

   if { [string tolower [HTTP::host]] contains "hostname" } {

       switch -glob [HTTP::path][HTTP::header Referer] {

           "*/pathA*" -

           "*/pathB*" { }

           default { log local0. "condition header et hostname"

           reject }

       }

   }

}

0 Kudos
Copyright © 2023 Khoros, LLC