HTTP 404 ERROR HANDLING through IRULE

Question

Hello Experts ,&nbsp;I am trying to build an irule which will send a HTTP 404 error CODE if the user intentionally or mistakenly typed a wrong URL .&nbsp;Below is the IRULE that i have written :&nbsp;&nbsp;when HTTP_REQUEST { 
  if {([string tolower [HTTP::host]] equals "xyz.APAC.com") &amp;&amp; [HTTP::uri] starts_with "/ARCHIAC" } {
    HTTP::uri [string map [list "/archiac/" "/arcgis/" ] [HTTP::uri]]
    pool PL_BNE_ENT_6443
    return
  } 
  if {([string tolower [HTTP::host]] equals "xyz.APAC.com") &amp;&amp; [HTTP::uri] starts_with "/archiacportal" } {
    pool PL_BNE_ENT_arcgisportal_443
    return
  }
  if {[HTTP::uri] matches_regex ".*" } {
    HTTP::respond 404 content {Page Not Found Page Not Found} 
  } 
}&nbsp;&nbsp;This irule work fine for most of the cases . BUT if any user start the URI with /ARCHIACjkaejksfsdjkhdfsj , this request will be send to server .&nbsp;Same is TRUE with /archiacportalsdfjkbasdjkfbsd .&nbsp;If there any way to discard the junk characters with HTTP 404 error when someone start the URI with above STRINGS ???&nbsp;&nbsp;&nbsp;&nbsp;

jrahm · Answer

If you are trying to match the path and NOT the query parameters, you'd be better off using HTTP::path, which only includes path information for that instead of HTTP::uri, which includes both path and query parameters.

For your badmatch, are you saying those are still matching, or that they are no longer matching?

finally, are you seeing any tcl errors in the logs when the sessions are being "kicked out"?

FYI, I'm going to be out on PTO for the next few days

jrahm · Answer

/ARCHIACjkaejksfsdjkhdfsj matches your first starts_with condition. Can you give a couple more examples of good matches versus bad matches? I'm not sure I have a clear enough picture of what is "good" to provide you a proper solution. On top of that, a few comments:

I'm not sure how anything gets through to the server with your HTTP::host. If you string tolower that, it'll never match xyz.APAC.com. I'm guessing that's just a sanitization error for adding to DC?
You don't need a string tolower on the HTTP::host. That is case insensitive by RFC.
You almost certainly do not want matches_regex there. Recommendation would be to use if, elseif, else strategy here, so by virtue of not matching your first two cases, the else will handle your 404 for everything else.

deepak_nair · Answer

Hi Jason Rahm , &nbsp;I have re-written my irule using some variable for flexible matching : &nbsp;Here is irule that i am using : &nbsp;when HTTP_REQUEST {set host [string tolower [HTTP::host]]set uri [HTTP::uri]if {$host equals "xyz.apac.com."} {set context [getfield $uri "/" 2]&nbsp;if {($context ne "archiacserver") and ($context ne "archiacportal") and ($context ne "archiac")} {HTTP::respond 404 content {Page Not Found Page Not Found}} elseif { ($uri starts_with "/archiacserver")} {HTTP::uri [string map {"/archiacserver" "/archiac"} [HTTP::uri]HTTP::redirect "https://$host[HTTP::uri]"pool PL_BNE_ENT_6443return} elseif {$uri starts_with "/archiac"} {pool PL_BNE_ENT_6443}elseif {$uri starts_with "/archiacportal"} {pool PL_BNE_ENT_archiacportal_443return}}}&nbsp;&nbsp;SO below are GOOD matching : &nbsp;www.xyz.apac.com/archiacserverwww.xyz.apac.com/archiacserver/www.xyz.apac.com/archiacserver/abcde/efghwww.xyz.apac.com/archiacportal&nbsp;&nbsp;BAD MATCH&nbsp;www.xyz.apac.com/dhghasgharchiacserverwww.xyz.apac.com/ARCHIACSERVERwww.xyz.apac.com/archiacserveradjefjaehfjewww.xyz.apac.com/archiacserver)*)*)*)*)*)www.xyz.apac.com/archiacPORTALwww.xyz.apac.com/ARCCHIACPORTALjdfbjdsfjasd&nbsp;etc etc &nbsp;SO my code work fine with testing and loading the APP through LB and also now looks like error handling works fine . . But i am seeing some issues with session kick out . &nbsp;For example if i try to load www.xyz.apac.com/archiacserver/admin/login , this works fine .Page load up with username and password and work perfectly . &nbsp;But if i hover to some tab after logged in and click , the session times out and ask for a re-login . &nbsp;we are not doing any Load balancing , simply sending the traffic to pool and my pool is configured with ACTIVE/STANDBY nodes using priority group .&lt; 1 with one node being on 10 and other on 5 .&nbsp;So no cookie persistence needed . &nbsp;ANy suggestions ?? something wrong with my irule ? &nbsp;No session kick out when i hit the node directly . &nbsp;Thanks

deepak_nair · Answer

Hi Jason , &nbsp;Thanks for writing me back . &nbsp;The bad matches are no longer matching .This is the irule I am using as POC : &nbsp;when HTTP_REQUEST {set host [string tolower [HTTP::host]]set uri [HTTP::uri]if {$host equals "xyz.apac.com."} {set context [getfield $uri "/" 2]&nbsp;if {($context ne "archiacserver") and ($context ne "archiacportal") and ($context ne "archiac")} {HTTP::respond 404 content {Page Not Found Page Not Found}} elseif { ($uri starts_with "/archiacserver")} {HTTP::uri [string map {"/archiacserver" "/archiac"} [HTTP::uri]pool PL_BNE_ENT_6443return} elseif {$uri starts_with "/archiac"} {pool PL_BNE_ENT_6443}elseif {$uri starts_with "/archiacportal"} {pool PL_BNE_ENT_archiacportal_443return}}}&nbsp;&nbsp;&nbsp;Regarding the error , I found I need to set x-forwarded for host with the HTTP profile and also at the server end they need to set a web context URL for re-write . &nbsp;The issue is now fixed . Thanks !&nbsp;

jrahm · Answer

good deal!&nbsp;

Forum Discussion

HTTP 404 ERROR HANDLING through IRULE

5 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Intermediate iRules: Handling Strings

Handle False Positive for files upload

Intermediate iRules: Handling Lists

Handling HTTP Requests on an HTTPS Virtual Server

iRules LX Sideband Connection - Handling timeouts