Hi mj16othman,
you could use this iRule.
when HTTP_REQUEST {
if { [string tolower [HTTP::host][HTTP::path]] starts_with "abc.com/files" } {
switch -glob [string tolower [HTTP::path]] {
"*.gif" -
"*.jpg" -
"*.jpeg" -
"*.png" {
# Drop if URI ends with a static file type
drop
}
default {
return
}
}
}
}
If you want to filter by source IP, I would do this inside the switch statement with a datagroup matching.
However... how will you get all the IP addresses from Amazon, Twitter and so on?
- You could do a reverse lookup and check whether the IP belongs to Amazon or similar. - with an awful penalty on performance of the iRule and no guarantee that this is a 100% solution. Not all IPs have reverse records.
- You could check if they have an API (example: https://ip-ranges.amazonaws.com/ip-ranges.json) and convert them to a datagroup. Requires automation.
- You could also implement the whole thing with APM. Again - how to get the list of allowed source IPs?
KR
Daniel