14-Jul-2021 01:17
I have a requirement to block traffic to a particular HTTPS path (page) via an iRule on a WAF device, in order to restrict access to the URL below from all geolocations except Thailand.
Can someone help with this? I have written the iRule below.
when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] equals "http://abc.com/job-request/" && [whereis [IP::client_addr] country] ne "TH" } {
        drop
    }
    {
    else {
        #log local0. "The page is restricted"
    }
}
14-Jul-2021 03:33 - last edited on 04-Jun-2023 19:22 by JimmyPackets
The iRule looks fine with a few modifications to the URI and closing braces. Also, please check with the requestor whether it should be the explicit URL "/job-request/" or a wildcard (i.e. anything after) "/job-request*".
If it's a wildcard, replace "eq" with "starts_with".
when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] eq "/job-request") and ([whereis [IP::client_addr] country] ne "TH") } {
        drop
    } else {
        return
    }
}
15-Jul-2021 02:00
Thanks Sanjay for replying.
"/job-request" is the specific path which needs to be restricted. So could you please advise whether eq suffices, or should this change to starts_with?
15-Jul-2021 02:19
Yes, eq would be okay.
16-Jul-2021 00:32
I am allowing traffic only from the TH country, so I believe the action should be allow and the else should be drop, like below:
{
allow
} else { drop
}
}
16-Jul-2021 00:38
Since your iRule uses the "ne" (not equal) operator for checking the country, it's dropping on the first condition. You can modify the operator to check just for the TH country using the "eq" operator, to drop on the else condition. Both should be fine.
16-Jul-2021 00:41
when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] eq "/job-request") and ([whereis [IP::client_addr] country] ne "TH") } {
        drop
    } else {
        return
        log local0. "[IP::remote_addr]"
    }
}
Is this fine?
16-Jul-2021 00:50
Yes. You can test it using a VPN to select another country. Also, I would disable logging unless needed for troubleshooting.
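A consolidated version of the rule discussed in this thread, added here as an example and not code posted by any participant. It assumes the restricted page is exactly /job-request (with or without a trailing slash) and matches on HTTP::path rather than HTTP::uri, so a query string on the request does not change the result.

```tcl
when HTTP_REQUEST {
    # HTTP::path is the request path without the query string.
    # HTTP::uri (used in the thread) includes the query string, so an
    # "eq" comparison against it only matches requests with no query.
    set path [string tolower [HTTP::path]]

    # Assumption: the protected page is this exact path, with or
    # without the trailing slash (both forms appear in the thread).
    if { $path eq "/job-request" || $path eq "/job-request/" } {
        set country [whereis [IP::client_addr] country]

        # Any value other than TH, including an empty lookup result,
        # is dropped, so the rule fails closed.
        if { $country ne "TH" } {
            # Log before the action: a command placed after drop/return
            # in the same branch is never reached. Disable this line
            # when it is not needed for troubleshooting.
            log local0. "job-request blocked: client=[IP::client_addr] country=$country"
            drop
            return
        }
    }
    # All other requests fall through and are processed normally.
}
```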