Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

IRule for Exact resource access rejection

Go to solution
NetWork
Nimbostratus
Nimbostratus

‎21-Oct-2020 16:50

I would like to know the feasibility of implementing iRules for below scenario, kindly suggest whether it is achievable or not.

 

https://my.domain.com/mrj/home/srt/portal/prtroot/com.dev.net.sendemail >> only request to this resource should get rejected

 

https://my.domain.com/mrj/home/srt/portal/prtroot/* >> other should get allowed

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Dario_Garrido
MVP
MVP
In response to NetWork

‎22-Oct-2020 01:48 - last edited on ‎04-Jun-2023 21:13 by Fog

Hello NetWork.

Actually the previous sentence has a mistake. It should be like this.

set uri [getfield [HTTP::uri] "?" 1]

This is used to remove de Query parameter of the URI. For example if you receive something like this:

/mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john

Taking into account that you need to reject any URI related with

/mrj/home/srt/portal/prtroot/com.dev.net.sendemail*

Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.

Your iRule should be like this:

when HTTP_REQUEST {
	if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
	elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
	elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
}

Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.

Regards,

Dario.

Regards,
Dario.

View solution in original post

4 REPLIES 4

Go to solution
Dario_Garrido
MVP
MVP

‎22-Oct-2020 00:04 - last edited on ‎04-Jun-2023 21:13 by Fog

Hello NetWork.

Yes, it's feasible. Try this:

when HTTP_REQUEST {
	set uri [getfield [HTTP::uri] "?" 2]
	if { $uri ends_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
}

Regards,

Dario.

Regards,
Dario.
0 Kudos

Go to solution
NetWork
Nimbostratus
Nimbostratus
In response to Dario_Garrido

‎22-Oct-2020 01:13

Hi Dario,

 

Thanks a lot for your response!

 

Below is our existing and working iRule:

 

  when HTTP_REQUEST { 

 if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }

 elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" }

     { pool pool-A }

   elseif { [string tolower [HTTP::uri]] starts_with "/abc" }

     { pool pool-B }

   elseif { [string tolower [HTTP::uri]] starts_with "/" }

     {reject}

}

 

If we modify it as below, will it work?

 

 

when HTTP_REQUEST {

 

set uri [getfield [HTTP::uri] "?" 2]

 

if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }

 

elseif { $uri ends_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } 

    { reject }

 

elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" }

     { pool pool-A }

 

elseif { [string tolower [HTTP::uri]] starts_with "/abc" }

     { pool pool-B }

 

   elseif { [string tolower [HTTP::uri]] starts_with "/" }

     {reject}

}

 

 

Also, can you please help to understand why we need to put "2" in set uri [getfield [HTTP::uri] "?" 2] ??

 

And, in case if we want to reject anything after sendemail i.e /mrj/home/srt/portal/prtroot/com.dev.net.sendemail*, how that can be achieved.

 

 

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP
In response to NetWork

‎22-Oct-2020 01:48 - last edited on ‎04-Jun-2023 21:13 by Fog

Hello NetWork.

Actually the previous sentence has a mistake. It should be like this.

set uri [getfield [HTTP::uri] "?" 1]

This is used to remove de Query parameter of the URI. For example if you receive something like this:

/mrj/home/srt/portal/prtroot/com.dev.net.sendemail?myuser=john

Taking into account that you need to reject any URI related with

/mrj/home/srt/portal/prtroot/com.dev.net.sendemail*

Then you should use "starts_with" instead of "ends_with", and the sentence before would not be necessary.

Your iRule should be like this:

when HTTP_REQUEST {
	if { [HTTP::uri] == "/" } { HTTP::redirect "http://[HTTP::host]/mrj" }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj/home/srt/portal/prtroot/com.dev.net.sendemail" } { reject }
	elseif { [string tolower [HTTP::uri]] starts_with "/mrj" or [string tolower [HTTP::uri]] starts_with "/web" or [string tolower [HTTP::uri]] starts_with "/htmlb" } { pool pool-A }
	elseif { [string tolower [HTTP::uri]] starts_with "/abc" } { pool pool-B }
	elseif { [string tolower [HTTP::uri]] starts_with "/" } {reject}
}

Please, if this was helpful don't forget to mark my answer as 'the best' to help me for the contribution.

Regards,

Dario.

Regards,
Dario.

Go to solution
NetWork
Nimbostratus
Nimbostratus

‎05-Dec-2020 18:27

Hi Dario,

 

We have tested in our customer environment, it works as expected.

 

Many thanks for your help!

0 Kudos
Copyright © 2023 Khoros, LLC