Forum Discussion

mj16othman
May 17, 2022

iRule to match a Domain

Guys, I really need your help. I'm currently working on a request. Let's say I have the below URL:

https://abd.com/files/jaskjaskjsakjasjk.jpg

Customers are asking me to disable anything that comes after the /files that has an image extension like jpg, pdf and png, from anyone communicating from the outside, except that internal IPs and several domains like Amazon and Twitter should have access to the above URL.

 

I had some luck configuring it in the LTM policies section, but I couldn't match the domain. So is there an iRule which will work for this?

1 Reply

  • Hi mj16othman,

    you could use this iRule.

     

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host][HTTP::path]] starts_with "abc.com/files" } {
            switch -glob [string tolower [HTTP::path]] {
                "*.gif" -
                "*.jpg" -
                "*.jpeg" -
                "*.png" {
                    # Drop if URI ends with a static file type
                    drop
                }
                default {
                    return
                }
            }   
        }    
    }

     

    If you want to filter by source IP, I would do this inside the switch statement with a datagroup matching.
    However... how will you get all the IP addresses from Amazon, Twitter and so on?

    • You could do a reverse lookup and check whether the IP belongs to Amazon or similar, with an awful penalty on the performance of the iRule and no guarantee that this is a 100% solution. Not all IPs have reverse records.
    • You could check if they have an API (example: https://ip-ranges.amazonaws.com/ip-ranges.json) and convert them to a datagroup. Requires automation.
    • You could also implement the whole thing with APM. Again - how to get the list of allowed source IPs?

    KR
    Daniel
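
The automation step mentioned in the reply (turning a published range list such as ip-ranges.json into a datagroup) could look like the sketch below. It is an added example, not part of the original reply: the function names are hypothetical, the sample data is constructed from documentation prefixes, and the `host`/`network` record syntax is assumed to be the BIG-IP external data group file format for address-type groups.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json (documentation prefixes,
# not real AWS ranges). A real run would load the downloaded file instead.
SAMPLE = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.7/32", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def load_networks(doc, services=None):
    """Parse the feed, validate every prefix, optionally filter by service."""
    data = json.loads(doc)
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in data.get(key, []):
            if services and entry.get("service") not in services:
                continue
            # strict=True rejects prefixes with host bits set (malformed feed)
            nets.append(ipaddress.ip_network(entry[field], strict=True))
    return nets


def to_datagroup_records(nets):
    """Collapse overlapping/adjacent prefixes and emit address records."""
    lines = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        for net in ipaddress.collapse_addresses(same):
            # Assumed record syntax: "host <ip>," or "network <cidr>,"
            if net.prefixlen == net.max_prefixlen:
                lines.append(f"host {net.network_address},")
            else:
                lines.append(f"network {net},")
    return lines


if __name__ == "__main__":
    print("\n".join(to_datagroup_records(load_networks(SAMPLE))))
```

Collapsing adjacent prefixes keeps the datagroup small, and a feed entry that fails validation raises an error instead of silently producing a wider allowlist than intended.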