Forum Discussion

NetWork's avatar
NetWork
Icon for Nimbostratus rankNimbostratus
Oct 21, 2020
Solved

IRule for Exact resource access rejection

I would like to know the feasibility of implementing iRules for below scenario, kindly suggest whether it is achievable or not.   https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sen...
  • Dario_Garrido's avatar
    Dario_Garrido
    Oct 22, 2020

    Hello NetWork.

    Actually the previous sentence has a mistake. It should be like this.

    set uri [getfield [HTTP::uri] "?" 1]

    This is used to remove de Query parameter of the URI. For example if you receive something like this:

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john

    Taking into account that you need to reject any URI related with

    /mrj/home/srt/portal/prtroot/com.dev.net.sendemail*

    Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.

    Your iRule should be like this:

    when HTTP_REQUEST {
    	if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
    	elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
    	elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
    	elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
    	elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
    }

    Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.

    Regards,

    Dario.