Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Irule to match a Domain

mj16othman
Altostratus
Altostratus

‎17-May-2022 15:14

Guys I really need your help. Im currently working on a request. Lets say i have the below URL 

https://abd.com/files/jaskjaskjsakjasjk.jpg

Customers are asking me to disable anything that comes after the /files that has an image extension like jpg, pdf and png,  from  anyone communicating from the outside, except for internal IPs and Several domain like amazon, twitter, should have access to the above URL. 

 

I had some luck on confguring it on the LTM policies section, but i couldnt match the domain. So is there an irule which will work on this. 

0 Kudos
1 REPLY 1

Daniel_Wolf
MVP
MVP

‎18-May-2022 10:19 - edited ‎18-May-2022 10:20

Hi @mj16othman,

you could use this iRule.

 

when HTTP_REQUEST {
    if { [string tolower [HTTP::host][HTTP::path]] starts_with "abc.com/files" } {
        switch -glob [string tolower [HTTP::path]] {
            "*.gif" -
            "*.jpg" -
            "*.jpeg" -
            "*.png" {
                # Drop if URI ends with a static file type
                drop
            }
            default {
                return
            }
        }   
    }    
}

 

If you want to filter by source IP, I would do this inside the switch statement with a datagroup matching.
However... how will you get all the IP addresses from Amazon, Twitter and so on?

  • You could do a reverse lookup and check whether the IP belongs to Amazon or similar. - with an awful penalty on performance of the iRule and no guarantee that this is a 100% solution. Not all IPs have reverse records.
  • You could check if they have an API (example: https://ip-ranges.amazonaws.com/ip-ranges.json) and convert them to a datagroup. Requires automation.
  • You could also implement the whole thing with APM. Again - how to get the list of allowed source IPs?

KR
Daniel

0 Kudos
Copyright © 2023 Khoros, LLC