Need help to whitelist URIs
I need some help with the iRule. The goal is to allow users to access a limited number of URIs from the Internet but open to all for internal users.
I have created a datagroup that contains the internal subnets, called internal_subnets.
Here's my iRule:
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals internal_subnets] }{
        pool app_80_pool
    }
    switch -glob [HTTP::host] {
        "app.com" {
            pool app_80_pool
        }
    }
    if {[HTTP::uri] starts_with "/foo/combined.js*" or \
        [HTTP::uri] starts_with "/foo/css/*" or \
        [HTTP::uri] starts_with "/foo/desktopreset" or \
        [HTTP::uri] starts_with "/foo/doc/*" or \
        [HTTP::uri] starts_with "/foo/error404.html" or \
        [HTTP::uri] starts_with "/foo/external/*" or \
        [HTTP::uri] starts_with "/foo/favicon.ico" or \
        [HTTP::uri] starts_with "/foo/home.jsf" or \
        [HTTP::uri] starts_with "/foo/images/*" or \
        [HTTP::uri] starts_with "/foo/include/*" or \
        [HTTP::uri] starts_with "/foo/javax.faces.resource/*" or \
        [HTTP::uri] starts_with "/foo/login.jsf" or \
        [HTTP::uri] starts_with "/foo/resources/*" or \
        [HTTP::uri] starts_with "/foo/scripts/*" or \
        [HTTP::uri] starts_with "/foo/ui/*" or \
        [HTTP::uri] starts_with "/foo/user/*" }{
        pool app_80_pool
    }
    else {
        HTTP::redirect "http://app.com/sorry.html"
    }
}
Nothing works. What did I do wrong here?
Any help would be appreciated.
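
An added example, not part of the original post: one way to write the rule so that internal clients skip the allowlist entirely and external clients are matched with real wildcards. It assumes /sorry.html is served by this same virtual server (so it is allowlisted to avoid a redirect loop) and that entries the post lists without a trailing * are meant as exact paths; the dot-segment check is an added precaution.

```tcl
when HTTP_REQUEST {
    # Internal clients (data group internal_subnets from the post) may reach
    # every URI. "return" ends the event here; without it the allowlist below
    # still runs and its redirect applies to internal clients too.
    if { [class match [IP::client_addr] equals internal_subnets] } {
        pool app_80_pool
        return
    }

    # Match on the decoded path only, so the query string plays no part.
    set path [URI::decode [HTTP::path]]

    # Precaution (added assumption): refuse dot-segments so that a path such as
    # /foo/css/../x cannot ride in on an allowed prefix.
    if { $path contains ".." } {
        HTTP::respond 403 content "Forbidden"
        return
    }

    # switch -glob treats * as a wildcard. starts_with compares literally, so
    # "/foo/css/*" there only matches a URI that really contains an asterisk.
    switch -glob -- $path {
        "/sorry.html" -
        "/foo/combined.js*" -
        "/foo/css/*" -
        "/foo/desktopreset" -
        "/foo/doc/*" -
        "/foo/error404.html" -
        "/foo/external/*" -
        "/foo/favicon.ico" -
        "/foo/home.jsf" -
        "/foo/images/*" -
        "/foo/include/*" -
        "/foo/javax.faces.resource/*" -
        "/foo/login.jsf" -
        "/foo/resources/*" -
        "/foo/scripts/*" -
        "/foo/ui/*" -
        "/foo/user/*" {
            pool app_80_pool
        }
        default {
            # Anything not listed above is denied by default for external clients.
            HTTP::redirect "http://app.com/sorry.html"
        }
    }
}
```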