Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

domain blocking

MustphaBassim
Cirrus
Cirrus

Hello Dears

i am trying block part of published url as show below :

exmpale.com

i want to block only access to exmaple.com/data_open/

anyone can help ?

Best Regards

1 ACCEPTED SOLUTION

Hi @MustphaBassim , 
Okay , it's not an issue to work with https application. 
Some steps have to be existed before the irule: 
1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
3- Test your application prior to applying irule.
4- Apply irule and test. 

I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

Keep me updated , maybe irule work with you after following the above 4 steps. 


_______________________
Regards
Mohamed Kansoh

View solution in original post

9 REPLIES 9

Hi @MustphaBassim , 

try this : 

when HTTP_REQUEST {
if { ([HTTP::host] eq "example.com") and ([HTTP::path] contains "/data_open") } {
drop
}
}

you can use "starts_with" instead of contains. 
 


I recommend to mimic this by LTM policies , just follow the same irule logic to achieve that.

> Create a test virtual server , and test this irule on it if the test passes and give you the needed results apply it in the production virtual server. 

I hope this helps you 🙂 

_______________________
Regards
Mohamed Kansoh

MustphaBassim
Cirrus
Cirrus

hello dear

thnx for reply

it is not work , i applied on virual seever

some point to be conider i am applying ssl offloading on this virtual seever and the website working https not http

 

bests

Hi @MustphaBassim , 
Okay , it's not an issue to work with https application. 
Some steps have to be existed before the irule: 
1- Client ssl profile >>> to decrypt Client traffic ( https traffic ) 
2- http profile >>> it's mandatory to let Bigip to read and understand https requests which leads to make bigip able to detect irule events and perform it's actions.
3- Test your application prior to applying irule.
4- Apply irule and test. 

I havn't test the irule that i sent , it looks good for me , but give my time to test it for you in my environment and I will see how it works and any optimizations may i add for it. 

Keep me updated , maybe irule work with you after following the above 4 steps. 


_______________________
Regards
Mohamed Kansoh

Hello Dear

I did the configruation as shown on picture when TabadulCert is our public certicate MicrosoftTeams-image (41).png

I found the issue 😄

it was on domain that i put it on url 😐

thnx for your kind support

Great news! @MustphaBassim 😄 

_______________________
Regards
Mohamed Kansoh

I want to know the steps and you made my day. Thank you sir.

You are most welcome @TerryRobinson 🙂 

_______________________
Regards
Mohamed Kansoh

I appreciate you for sharing the solution.