Forum Discussion
hooleylist
Oct 01, 2009Cirrostratus
There is an issue with this in that someone could make a request to /doesnt_exist/../allowed_uri/whatever and that would bypass your rule logic and go to the default pool. The webserver would normalise the requested URI to /allowed_uri.
You can check a recent post for more discussions on this:
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=30900&ptarget=30901
Aaron