F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

k20's avatar
k20
Icon for Nimbostratus rankNimbostratus
Dec 04, 2020

Need help to whitelist URI's

I need some help with the iRule. The goal is to allow users to access a limited number of URI's from the Internet but open to all for internal users.   I have created a datagroup that contains th...
application delivery
iRules
Samir's avatar
Samir
Icon for MVP rankMVP
Dec 04, 2020

Above  iRule is correct, You can remove the statement which is creating issue.

If i will be at you place then can try negative scenario and short irule for fun. You can try to use URI_DB class to add and remove the URI.

when HTTP_REQUEST {
if { !([class match [IP::client_addr] equals internal_subnets]) && ([class match [HTTP::uri] starts_with URI_DB) } {
HTTP::redirect "http://app.com/sorry.html"
        }
else {
	pool app_80_pool 
	}
}

Add the all uri in URI_DB

"/sorry.html"

"/foo/combined.js*"

"/foo/css/*"

"/foo/desktopreset"

Please tune iRule per requirements.

Thanks

k20's avatar
k20
Icon for Nimbostratus rankNimbostratus
Dec 05, 2020

I have reversed the logic back to the original but now using datagroup instead of the "switch -glob" meaning,

 

when HTTP_REQUEST {

   if { [class match [IP::client_addr] equals internal_subnets] || [class match [HTTP::uri] starts_with URI_DB] || [HTTP::host] equals "app.com"} {

   pool app_80_pool

   }

   else {

      HTTP::redirect "http://app.com/sorry.html"

   }

}

 

Now, everything works except the redirect which never works. However, I have just noticed that if I don't use DNS and use IP instead, the redirect works just fine. Can you explain why?