Forum Discussion

minnoce944's avatar
minnoce944
Icon for Nimbostratus rankNimbostratus
Jun 24, 2014

denying access except for specific domains and paths

Hi, i have requirements to lock down specific domains and paths unless they are valid. This VIP has multiple domain names pointing at it so i'm trying to cover all possible conditions. I have something i've put together, but i wanted to see is this can be done more elegant / more efficient.

Condition 1: domain can be anything except img.domain.com but has to start with /path1/, otherwise issue a 403 Condition 2: domain has to be img.domain.com and start with /path2/, otherwise issue a 403 Condition 3: domain has to be img.domain.com and start with /path3/, otherwise issue a 403

Here is what i've came up with so far:

when HTTP_REQUEST {
if { not ([string tolower [HTTP::uri]] starts_with "/path1/") and not ([HTTP::host] eq "img.domain.com")  } {
HTTP::respond 403
}
if { (not ([string tolower [HTTP::uri]] starts_with "/path2/")) or (not ([string tolower [HTTP::uri]] starts_with "/path3/")) and ([HTTP::host] eq "img.domain.com")  } {
HTTP::respond 403
}
}

Thanks

APM
application delivery
devops
iRules
LTM
security

2 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jun 24, 2014

    Here's another option:

    when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "img.domain.com" {
            switch -glob [string tolower [HTTP::uri]] {
                "/path2/*" -
                "/path3/*" {
                    return
                }
                default {
                    HTTP::respond 403
                }
            }
        } 
        default {
            if { not ( [string tolower [HTTP::uri]] starts_with "/path1/" ) } {
                HTTP::respond 403
            } else {
                return
            }
        }
    }
}