Forum Discussion
gscholz_370150
Nimbostratus
If you remove some brackets and one of the "if"s it works. You can always test it by logging the output to /var/log/ltm, see below.
when HTTP_REQUEST {
if {[string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab/"
or [string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab"} {
log local0. "Rejected Connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
reject
}
}
gscholz_370150
Dec 21, 2018Nimbostratus
Even if HTTPS is used the contents of the Rule don't change. It is still an HTTP request and not an HTTPS request. If you want to find out whether the iRule gets hit at all, you could add another logging line, like below. In that case you should see one entry for every HTTP request, and a second one for every rejected request.
when HTTP_REQUEST {
log local0. "Requested connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
if {[string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab/"
or [string tolower "[HTTP::host][HTTP::path]"] equals "example.domain.com/xyz/ab"} {
log local0. "Rejected Connection [HTTP::host][HTTP::path], converted [string tolower [HTTP::host][HTTP::path]]"
reject
}
}
If you are unsure which virtual server gets hit you should be able to see that in a packet capture using tcpdump. Do you have shell access? (In theory packet capture is possible via the GUI as well, but I found it rather painful.)