
denying access except for specific domains and paths

minnoce944
Nimbostratus

Hi, I have requirements to lock down specific domains and paths unless they are valid. This VIP has multiple domain names pointing at it, so I'm trying to cover all possible conditions. I have something I've put together, but I wanted to see if this can be done more elegantly / more efficiently.

 

Condition 1: domain can be anything except img.domain.com but has to start with /path1/, otherwise issue a 403
Condition 2: domain has to be img.domain.com and start with /path2/, otherwise issue a 403
Condition 3: domain has to be img.domain.com and start with /path3/, otherwise issue a 403

 

Here is what I've come up with so far:

 

when HTTP_REQUEST {
    # Any host other than img.domain.com: the URI must start with /path1/
    if { not ([string tolower [HTTP::uri]] starts_with "/path1/") and not ([HTTP::host] eq "img.domain.com") } {
        HTTP::respond 403
    }
    # img.domain.com: the URI must start with /path2/ or /path3/
    if { ([HTTP::host] eq "img.domain.com") and not (([string tolower [HTTP::uri]] starts_with "/path2/") or ([string tolower [HTTP::uri]] starts_with "/path3/")) } {
        HTTP::respond 403
    }
}

Thanks

 

2 REPLIES

Kevin_Stewart
F5 Employee

Here's another option:

 

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "img.domain.com" {
            # Image host: only /path2/ and /path3/ are allowed
            switch -glob [string tolower [HTTP::uri]] {
                "/path2/*" -
                "/path3/*" {
                    return
                }
                default {
                    HTTP::respond 403
                }
            }
        }
        default {
            # Every other host: only /path1/ is allowed
            if { not ( [string tolower [HTTP::uri]] starts_with "/path1/" ) } {
                HTTP::respond 403
            } else {
                return
            }
        }
    }
}
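
The allow-list from this thread, modelled in Python so the policy can be checked against a request matrix before an iRule is deployed; this is an added example, not code from either poster or from F5. It goes beyond the posted rules by normalizing the Host header (port, trailing dot) and the URI (query string, percent-encoding, dot segments) before matching; the function names and sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Added example: function names and sample requests are illustrative.
IMG_HOST = "img.domain.com"             # host name used in the thread
IMG_PREFIXES = ("/path2/", "/path3/")   # allowed on the image host only
OTHER_PREFIXES = ("/path1/",)           # allowed on every other host

def normalize_host(host_header):
    """Lower-case the Host header, drop a :port suffix and a trailing dot."""
    host = host_header.strip().lower()
    if not host.startswith("["):        # leave bracketed IPv6 literals whole
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def normalize_path(uri):
    """Drop the query string, percent-decode once, resolve dot segments."""
    path = unquote(uri.split("?", 1)[0]).lower()
    keep_slash = path.endswith("/")
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path + "/" if keep_slash and path != "/" else path

def is_allowed(host_header, uri):
    """True when the request passes, False when the rule would answer 403."""
    host = normalize_host(host_header)
    prefixes = IMG_PREFIXES if host == IMG_HOST else OTHER_PREFIXES
    return normalize_path(uri).startswith(prefixes)

# Constructed sample requests: (Host header, request URI)
SAMPLES = [
    ("www.domain.com", "/path1/index.html"),
    ("www.domain.com", "/other/index.html"),
    ("img.domain.com", "/path2/a.png"),
    ("IMG.domain.com:443", "/Path3/a.png?size=1"),
    ("img.domain.com.", "/path1/a.png"),
    ("www.domain.com", "/path1/../other/"),
    ("www.domain.com", "/path1/%2e%2e/other/"),
]

if __name__ == "__main__":
    for host, uri in SAMPLES:
        verdict = "pass" if is_allowed(host, uri) else "403"
        print(f"{verdict:4}  {host:20} {uri}")
```
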

minnoce944
Nimbostratus

Thanks for the new rule, worked perfectly.