Forum Discussion

Rohan's avatar
Rohan
Icon for Nimbostratus rankNimbostratus
Dec 20, 2019

irule to redirect to to cloud WAF

We have below requirement and our url is hosted on cloud for WAF and waf access VIP on F5 using which url is not known

and we have to stop access of www.abc.prod.co.in from intenet and we want whenever user try to access abc.co.in it sould redirect to www.abc.co.in and except when cloud waf policy server access it. we have created below irule, kindly check and confirm will below irule work or not.

 

1. Redirect all traffic from abc.co.in/* to www.abc.co.in/*

2. traffic : FROM a list of known IPs to www.abc.prod.co.in should be sent to the existing pool

3. Other traffic should be rejected

 

 

when HTTP_REQUEST

{

  if { ([class match [IP::client_addr] equals "datagroup_abc" ]) } then

  {

    pool Pool_Name Pool_abc

  }

  elseif { ([string tolower [HTTP::host]] eq "abc.co.in") || 

       ([string tolower [HTTP::host]] eq "www.abc.prod.co.uk") ||

       ([HTTP::host] eq "192.168.168.10") } then

  {

    HTTP::respond 301 Location "[http://www.abc.co.in[HTTP::path]"

  }

  else {

    reject

  }

}

 

application delivery
iRules
LTM

1 Reply

Sort By
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    Jan 28, 2020

    Hi,

    I would just change [HTTP :: path] to [HTTP :: uri] to not lose querystring values when there and discard connections instead of reject.

    Anyway, an LTM policy works fine in this case and I may prefer to use it.

     

    Finally, my iRule code should be:

    when HTTP_REQUEST {
    set host [string tolower [getfield [HTTP::host] : 1]]
    if { [class match [IP::client_addr] equals datagroup_abc] } {
        pool Pool_abc
    } elseif {  $host eq "abc.co.in" || 
                $host eq "www.abc.prod.co.uk" ||
                $host eq "192.168.168.10" } {
        HTTP::respond 301 -version auto noserver Location "http://www.abc.co.in[HTTP::uri]" Connection Close
    } else {
        discard
    }
    unset host
}

    Regards.