Forum Discussion
Andy_Herrman_22
Jun 30, 2008Nimbostratus
Small tweak to the iRule to handle case properly:
when HTTP_REQUEST {
if { ( [matchclass [string tolower [HTTP::uri]] starts_with $::securePaths] ) and
! ( [matchclass [IP::client_addr] equals $::trustedAddresses] ) }
{
log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"
discard
} else {
log local0. "Allowing connection from [IP::client_addr] to [HTTP::uri]"
forward
}
}
I have it converting the path to lowercase. This handles people trying to go to:
http://yourdomain.com/TeStInG
or other variants to try and get around your filtering. As long as you always use lowercase when defining entries in the datagroup you'll be good.