21-Oct-2020 16:50
I would like to know the feasibility of implementing iRules for below scenario, kindly suggest whether it is achievable or not.
https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sendemail >> only request to this resource should get rejected
https://my.domain.com/mrj/home/srt/portal/prtroot/* >> other should get allowed
Solved! Go to Solution.
22-Oct-2020
01:48
- last edited on
04-Jun-2023
21:13
by
JimmyPackets
Hello NetWork.
Actually the previous sentence has a mistake. It should be like this.
set uri [getfield [HTTP::uri] "?" 1]
This is used to remove de Query parameter of the URI. For example if you receive something like this:
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john
Taking into account that you need to reject any URI related with
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail*
Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.
Your iRule should be like this:
when HTTP_REQUEST {
if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
}
Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.
Regards,
Dario.
22-Oct-2020
00:04
- last edited on
04-Jun-2023
21:13
by
JimmyPackets
Hello NetWork.
Yes, it's feasible. Try this:
when HTTP_REQUEST {
set uri [getfield [HTTP::uri] "?" 2]
if { $uri ends_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
}
Regards,
Dario.
22-Oct-2020 01:13
Hi Dario,
Thanks a lot for your response!
Below is our existing and working iRule:
when HTTP_REQUEST {
if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" }
{ pool pool-A }
elseif { [string tolower [HTTP::uri]] starts_with "/abc" }
{ pool pool-B }
elseif { [string tolower [HTTP::uri]] starts_with "/" }
{reject}
}
If we modify it as below, will it work?
when HTTP_REQUEST {
set uri [getfield [HTTP::uri] "?" 2]
if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
elseif { $uri ends_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" }
{ reject }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" }
{ pool pool-A }
elseif { [string tolower [HTTP::uri]] starts_with "/abc" }
{ pool pool-B }
elseif { [string tolower [HTTP::uri]] starts_with "/" }
{reject}
}
Also, can you please help to understand why we need to put "2" in set uri [getfield [HTTP::uri] "?" 2] ??
And, in case if we want to reject anything after sendemail i.e /mrj/home/srt/portal/prtroot/com.dev.net.sendemail*, how that can be achieved.
22-Oct-2020
01:48
- last edited on
04-Jun-2023
21:13
by
JimmyPackets
Hello NetWork.
Actually the previous sentence has a mistake. It should be like this.
set uri [getfield [HTTP::uri] "?" 1]
This is used to remove de Query parameter of the URI. For example if you receive something like this:
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john
Taking into account that you need to reject any URI related with
/mrj/home/srt/portal/prtroot/com.dev.net.sendemail*
Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.
Your iRule should be like this:
when HTTP_REQUEST {
if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
}
Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.
Regards,
Dario.
05-Dec-2020 18:27
Hi Dario,
We have tested in our customer environment, it works as expected.
Many thanks for your help!