cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

irule, restict path no work!!!

omar_padilla
Altostratus
Altostratus

Hi, I hope I can find an alternative to my problem, I currently have a service published by my F5 ltm is a web application, what I need is to be able to restrict access to the application, they should only be able to enter a specific path of the application atcuat.extranetbanbif .com.pe / detect / public / if they try to enter another place that is not inside / detect / public / to block it, this seems simple with an irule, which in the rquest event evaluates if the host and uri agree that redirect to the pool member, the problem is that when consulting the web portal resources such as css, javascritp, images and others are consumed and for each request there is a different uri example /resources/imagen1.jpg and this is blocked and so all resources, try adding each path manually so that the irule does the exception but this is not maintainable when I change the application I will have to add each path, I don't know how to only allow access to the specific uri but without blocking the rest of the resources since they are started from the client some idea please?

 

Irule

0691T000008szOTQAY.png

 

AAP

 

 

0691T000008szOYQAY.png

1 REPLY 1

Simon_Blakely
F5 Employee
F5 Employee

You need to allow access to the required resources in the application, and you will need to maintain the list of allowed paths as the application changes - there is no easy way to avoid this.

 

First - use a Local Traffic Policy instead of an irule - they are faster, more efficient and more maintainable.

 

K15085:  Overview of the Local Traffic Policies feature (11.4.0 - 12.0.0)

 

Second - you can use a datagroup to maintain the list of valid paths in the application. This makes maintenance easier as well.

 

Finally, consider ASM - it can learn and manage valid URIs fro the application.