14-Dec-2022 22:45
Hello,
we've a VS with about 20 URLs, now I've to block Login-Sites dor the most but not all URL's, for eg:
I'd like to put all the Adresses (about 30-40) in a Data Droup List with strings and reference this List in a IRule with a Respond like "HTTP::respond 403"
Could you help me with a Syntax? Should be Case insensitive.
Thank you
15-Dec-2022 00:00
here is an example:
ltm data-group internal example_uri {
records {
login { }
member { }
}
type string
}
when HTTP_REQUEST {
if {[matchclass [string tolower [HTTP::uri]] contains example_uri]}{
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
log local0. "deny URI: [HTTP::uri]"
}
}
15-Dec-2022 00:11
Hi mihaic,
thank you, but I need always the combination of [HTTP::host] and [HTTP::uri], becaus on some hosts the URI "login" should be allowed.
I guess the Data Group file I can manage, but the Syntax of the combination [HTTP::host] and [HTTP::uri] I'm not shure
15-Dec-2022 00:24
when HTTP_REQUEST {
if { ([HTTP::host] == "www.xyz.com") and ([matchclass [string tolower [HTTP::uri]] contains example_uri]) }{
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
log local0. "deny URI: [HTTP::uri]"
}
}
15-Dec-2022 01:32
Hi @kgaigl ,
this should work. Note that I'm not putting URI in lowercase so /login and /LOGIN will require two different matches (they would be two different URLs indeed anyways)
when HTTP_REQUEST {
set req "[string tolower [HTTP::host]][HTTP::uri]"
if {[class match $req eq unallowed_datagroup]}{ HTTP::respond 403 }
}
ltm data-group internal unallowed_datagroup {
records {
www.somesite1.org/login { }
www.somesite2.org/member { }
www.somesite2.org/login { }
}
type string
}