NimbostratusHi,
I am looking for an irule that will do the following - prevent access to all locations under a certain path - i.e., anything under should be block. and I want to have an exception group of urls under that path to allow.
Thanks, Vered
NacreousCreate a datagroup to store your exceptions and use an iRule like this
when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/yyy"} {
if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
reject
}
}
}
MVPI would recommend to use string tolower in front of.
when HTTP_REQUEST {
if {[string tolower [HTTP::uri]] starts_with "/yyy"} {
.......
CumulonimbusHi,
You can use this code:
when HTTP_REQUEST {
set reqBlock 0
if {[HTTP::uri] starts_with "/yyy"} {
if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
set reqBlock 1
}
}
}
when ASM_REQUEST_DONE {
Block not allowed request with ASM if enabled. Raise ASM user defined violation FILTER_IRULE_VIOLATION
if {$reqBlock} {
set violation_details [list [list Reason iRule_Event]]
lappend violation_details [list Filter URI_Not_Allowed]
}
ASM::raise FILTER_IRULE_VIOLATION $violation_details
}
}
when HTTP_REQUEST_SEND {
Block not allowed request with HTTP 403 code if ASM did not.
if {$reqBlock} {
clientside {
HTTP::respond 403 -version "1.1" content "Request RejectedYou are not authorized to access this page" noserver Connection Close
}
}
}
before Applying this code, do following configuration:
NimbostratusThank you for all the responses -
In the end I used the IRULE I wrote as mentioned above but what was missing was the V on "trigger ASM IRULE events" and that's why the rule didn't seem to work.
Thanks,
Vered
Cumulonimbusglad this helped you.
To make easier to find by next admins with same need, you can mark the right answer as question solution. ;-)