Forum Discussion

omar_padilla's avatar
omar_padilla
Icon for Altocumulus rankAltocumulus
May 01, 2020

irule, restict path no work!!!

Hi, I hope I can find an alternative to my problem, I currently have a service published by my F5 ltm is a web application, what I need is to be able to restrict access to the application, they should only be able to enter a specific path of the application atcuat.extranetbanbif .com.pe / detect / public / if they try to enter another place that is not inside / detect / public / to block it, this seems simple with an irule, which in the rquest event evaluates if the host and uri agree that redirect to the pool member, the problem is that when consulting the web portal resources such as css, javascritp, images and others are consumed and for each request there is a different uri example /resources/imagen1.jpg and this is blocked and so all resources, try adding each path manually so that the irule does the exception but this is not maintainable when I change the application I will have to add each path, I don't know how to only allow access to the specific uri but without blocking the rest of the resources since they are started from the client some idea please?

 

Irule

 

AAP

 

 

application delivery
iRules
LTM

1 Reply

Sort By
  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    May 03, 2020

    You need to allow access to the required resources in the application, and you will need to maintain the list of allowed paths as the application changes - there is no easy way to avoid this.

     

    First - use a Local Traffic Policy instead of an irule - they are faster, more efficient and more maintainable.

     

    K15085:  Overview of the Local Traffic Policies feature (11.4.0 - 12.0.0)

     

    Second - you can use a datagroup to maintain the list of valid paths in the application. This makes maintenance easier as well.

     

    Finally, consider ASM - it can learn and manage valid URIs fro the application.