Dropping connections after a specific part of URI

AbuAhmad
Nimbostratus

Hi There,

I need help to write an iRule that will drop the request for any request after this uri:

/xyz/web/apx/ pass this request but anything after that uri need to drop the request (drop /xyz/web/apx/*)

Tried this but it is not working:

when HTTP_REQUEST {
  if { [HTTP::uri] contains "/xyz/web/apx/*" } {
     drop
  }
}

Thank you in advance

1 ACCEPTED SOLUTION

Hi AbuAhmad,

I missed something sorry. Could you please try below one:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/xyz/web/apx/" && not ([HTTP::uri] equals "/xyz/web/apx/") } {
    drop
  }
}

4 REPLIES

oguzy
Cirrostratus

Hi AbuAhmad,

If the uri starts with /xyz/web/apx then you can use the following iRule:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/xyz/web/apx/" } {
    drop
  }
}

Otherwise your iRule is almost correct. Just remove the asterisk at the end of the uri.

Have a nice day.

AbuAhmad
Nimbostratus

Thank you Oguzy for the quick response,

I tried this before but it drops the connection that I need to keep:

https://host.name.com/xyz/web/apx/ << need this to still function including the "/" at the end but anything after that "/" should be dropped.

That's why I tried the "/*" as wildcard at the end as I don't have a list of all the directories that come after that but need to block all of them.

Any ideas will be highly appreciated.

Hi AbuAhmad,

I missed something sorry. Could you please try below one:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/xyz/web/apx/" && not ([HTTP::uri] equals "/xyz/web/apx/") } {
    drop
  }
}

AbuAhmad
Nimbostratus

Thank you Oguzy so much for your help, this one worked as requested. I added to it "HTTP::respond 403" instead of "drop" to give a meaningful message.

The client came back saying they can't block everyone past apx/ 😞

So I am going to use data groups to block certain directories until they provide the full list.

Thanks again for the help Oguzy.
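
The matching logic discussed in this thread, as an added example that was not posted by either participant. It compares `HTTP::path` rather than `HTTP::uri` so that a query string on the permitted URL does not trigger the block, and it lowercases the path on the assumption that the backend treats paths case-insensitively; the data group name `apx_blocked_paths` and its sample entry are hypothetical.

```tcl
when HTTP_REQUEST {
    # "contains" and "starts_with" compare literal text, so the "*" in
    # "/xyz/web/apx/*" is not a wildcard: that test matches only a URI
    # that literally contains an asterisk. A literal prefix test plus an
    # exact-match exception expresses "allow the directory URL, block
    # everything below it".

    # HTTP::uri includes the query string; HTTP::path does not. Testing the
    # path keeps "/xyz/web/apx/?lang=en" on the allowed side.
    # Assumption: the backend treats paths case-insensitively, so the
    # comparison is done on a lowercased copy.
    set path [string tolower [HTTP::path]]

    # Outside the protected tree, or exactly the one permitted URL: allow.
    if { !($path starts_with "/xyz/web/apx/") || ($path equals "/xyz/web/apx/") } {
        return
    }

    # From here on $path is strictly below /xyz/web/apx/.
    # Partial policy from the last post: reject only the prefixes listed in
    # a string data group (hypothetical name; entries stored in lowercase,
    # for example the constructed entry "/xyz/web/apx/admin/"). For the
    # strict policy of the accepted answer, remove the "class match"
    # condition and always respond 403.
    if { [class match $path starts_with apx_blocked_paths] } {
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
        return
    }
}
```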