Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iRule to Allow A Specific URL to Access A Filetype

I would like to create an iRule to allow a specific URL to access a filetype, i.e. log, without allowing other sites using the same security policy to access that filetype. Is that possible?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This needs clarification - how can a URL access a file type? users access URLs which might end in a file type. I am guessing you probably mean an IP address not a URL?

My understanding of your requirements is the following:

  • You have an ASM policy assigned to multiple Virtual Servers (different websites)
  • This ASM policy is only allowing access to standard web files (i.e. .html .jpg .css .js) and is not not access to .log files
  • As an exception you want to allow one client identified by something (you say URL, but is it a referrer URL, or an IP address?) to bypass the ASM and request a .log file from one of the virtual servers without being blocked by ASM.
  • All other clients/users must still be blocked whenever they try to access a .log file type
  • You want to use an iRule for this functionality (which is fine you can use ASM::unblock command for example)

Please note that this can be solved with a local traffic policy on the virtual server to save you from the complexity of writing and maintaining an iRule.

0
Comments on this Answer
Comment made 4 weeks ago by John 168

Not looking to lockdown to a specific client. I want anyone going to http://site1.foo.com to be able to access .log files but deny access to this filetype to anyone going to http://site2.foo.com. Site1 and Site2 share the same ASM policy and virtual server.

0
Comment made 4 weeks ago by samstep 1854

Gotcha, this still can be done with Local Traffic Policy - simply create a traffic policy rule which will check the Host header to be 'site1.foo.com' and request URL ending in '.log' and then disable ASM as an action for that rule.

0