20 Lines or Less #3

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting complicated.

We've got a couple of codeshare entries and an entry courtesy of Joe in the forums. I figure with all the ribbing he gives me for the 20LoL series it's only fair he contributes, knowingly or not. Then again it's in the true spirit of a programmer to steal ... err ... borrow code from all available sources to achieve your desired result. I wouldn't want to break tradition!

Whether you're dealing with cookie ordering, path traversal or multi-comparisons, there's something here for you this week. Here's your weekly dose of 20LoL - my apologies for the distinct lack of kittehs this week.

Reorder Http Cookies

Whether your program is set to look for cookies in a certain order, or you're just a touch OCD and demand your cookies stay "clean" and organized, this iRule is for you.

when HTTP_REQUEST {  if { [HTTP::cookie exists "cookie-name"] } {    set cookie_s [HTTP::cookie "cookie-name"]    HTTP::cookie remove "cookie-name"    set cookie_a [HTTP::header cookie]    HTTP::header replace "cookie" "$cookie_a; WLSID=$cookie_s"  }}

 

Path Traversal Detection

Path traversal is bad, mmkay? Path traversal is when someone tries to execute arbitrary commands on your system, and general act like bad users. Help stop them from getting access to system commands via your webserver with some simple iRules like this one.

when RULE_INIT {   set ::vDebug 1}when HTTP_REQUEST {   if { [HTTP::query] matches_regex {^.*=(\.\.|/)[[A-Za-z0-9./]*]*.*$} } {   if { $::vDebug } {      log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]"   }   reject   }}

Multi-part Comparisons

This forum post talks about doing a multi-part comparison to look for the first letter(s) of a URI and send users to different pools based on that information. This proved to be a little un-intuitive, but Joe came to the rescue with a great switch solution, even though hoolio's workable solution shouldn't be overlooked.  Go-go glob matching ftw!

when HTTP_REQUEST {
  # Parse the fist character in the path
  switch -glob [HTTP::path] {
    "/[a-cA-C]*" {
      pool test1
    }
    "/[d-lD-L]*" {
      pool test2
    }
    "/[m-rM-R]*" {
      pool test3
    }
    "/[s-zS-Z]*" {
      pool test4
    }
    default {
      # Requested URI was a leading forward slash only
      pool test5
    }
  }
}
Published Apr 25, 2008
Version 1.0
20 lines or less
20lines
application delivery
dev
devops
hardware
iRules
us

Was this article helpful?

No CommentsBe the first to comment