25-Nov-2022 02:55
Hello
Can somebody help on this please?
I have an LTM appliance and a virtual server 'https://www100.test.com' hosted.
The requirement I have is to block all the traffic destined for one of the applications, 'https://www100.test.com/ce'. Is this something achievable with an iRule? If so, do you have any idea for the iRule?
Would appreciate it if somebody can help.
I have seen this - https://support.f5.com/csp/article/K74012450 - but that looks too complex to me.
Thanks
25-Nov-2022 03:14
You could do something like this:
when HTTP_REQUEST {
    if { ([HTTP::host] eq "www100.test.com") and ([HTTP::path] eq "/ce") } {
        drop
    }
}
You could also, instead of eq "/ce", use starts_with "/ce" in case you have other URIs that start with "/ce" and you want to block them.
25-Nov-2022 06:13
Thanks for that. I will give it a try.
If I need to filter specific source IPs, say allow those from the Whitelist1 data group and block the rest for the same URL "www100.test.com/ce", how do I match the condition with the below iRule?
25-Nov-2022 03:59 - edited 25-Nov-2022 04:00
Hi James,
The provided example in K74012450 allows you to block certain URIs for external IPs. It's probably not the right (too complex) solution if you want to block access to a given URI for all clients.
Depending on how the "block" action should be, you may use one of the iRule snippets below:
Intercept the Request and send HTTP 403 "Access Denied" response to the User-Agent:
when HTTP_REQUEST {
    # Compare host and path case-insensitively
    if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
        HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body></html>" "Content-Type" "text/html"
    }
}
Intercept the Request and redirect the User-Agent to a custom error page or landing URL:
when HTTP_REQUEST {
    if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
        HTTP::respond 302 "Location" "/error_page.html"
    }
}
If the block list gets more complex (e.g. more entries) you may need a different technique to filter URLs. Also keep in mind that the block list in my examples is filtering requests to "www100.test.com/ce*". If your web application is also accessible via, let's say, "https://212.212.212.212/ce" then the filtering won't work. You may need to skip checking of the HOST-Name to make the black-listing more robust...
Cheers, Kai
25-Nov-2022 06:11
Thanks for that. Should be OK with sending
HTTP::respond 403
If I need to filter specific source IPs, say allow those from the Whitelist1 data group and block the rest for the same URL "www100.test.com/ce", how do I match the condition with the below iRule?
when HTTP_REQUEST {
    if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
        HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body></html>" "Content-Type" "text/html"
    }
}
Thanks
25-Nov-2022 09:09
Sounds like the piece you are looking for is a class match for the whitelist.
when HTTP_REQUEST {
    if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
        # Whitelist1 is the data group holding the allowed source addresses
        if { [class match [IP::client_addr] equals Whitelist1] } {
            log local0.info "TESTCE: Acceptable usage from [IP::remote_addr]"
        } else {
            HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body></html>" "Content-Type" "text/html"
            return
        }
    }
}
You can also have a pool selection with the log statement if the traffic goes to a specific pool. You can also just negate the "if" condition if you only want to action if the IP is not in the whitelist.
Scott
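Kai's caveat about the host-name check and Scott's suggestion to negate the whitelist condition, combined in one iRule. This is an added example, not code posted by anyone in the thread; it assumes Whitelist1 is an Address-type data group, and the "TESTCE" log prefix is reused from Scott's post.

```tcl
when HTTP_REQUEST {
    # Match on the path only (no HTTP::host), so the rule still applies when
    # the virtual server is reached by IP address or under another host name.
    if { [string tolower [HTTP::path]] starts_with "/ce" } {
        # Negated whitelist check: act only on clients NOT in the data group.
        # Assumption: Whitelist1 is an Address-type data group of allowed sources.
        if { not [class match [IP::client_addr] equals Whitelist1] } {
            # Log only the client address; the request path is client-controlled.
            log local0.info "TESTCE: denied request from [IP::client_addr]"
            HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body></html>" "Content-Type" "text/html"
            return
        }
    }
}
```

Whitelisted clients fall through to the virtual server's normal pool selection; every other client requesting a path that begins with "/ce" receives the 403.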