Selective Access within Application via iRule

Question

Greetings, iRule experts!&nbsp;
I'm trying to block access to certain pages within application using data group but can't make it work. The problem is that blocked and accessible pages are located under the same /Application. Example, URI /Application/Administration/Index.aspx must be blocked, whereas URI /Application/PasswordReset/Index.aspx should be accessible. Another difficulty is that every page has multiple page objects (.js, .css, etc.). &nbsp;
What would be best solution for this? Many thanks!&nbsp;

andos · Answer

You could use an irule.
If everything under say /Application/Administration/ should be blocked and /Application/PasswordReset/ should be allowed then perhaps the irule in this thread might be what you are after.
https://devcentral.f5.com/questions/block-url-49989
Just have your datagroup as
class blockthis {
    "/application/administration/"
    "/application/anotherblocked/"
}

and change equals to starts_with in the evaluation
when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::uri]] starts_with blockthis] } {
        drop
   }
}

/Andreas

nick_palmer_f5 · Answer

Hi Andreas, and thanks for your comment! My issue was CaSe SensiTive. I went with data group and string tolower.&nbsp;

Forum Discussion

Selective Access within Application via iRule

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Selective mutual authentication by HTTP::Host

Application tunnel Failed to download configuration

No more http Portal Access

BIG-IP API - WAF suggestions - issue in selecting properties

HTTPS Application Configuration