IRULE to block URI after a specific date

Hi Graham,

 

 

This should be doable, but keep in mind that the logic of the iRule could be bypassed:

 

http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=30900&ptarget=30901

 

 

Basically, you could use [class match -value [HTTP::uri] starts_with uri_to_date_dg] to get the "expire date" and then check if the current date ([clock format [clock seconds] -format "%d%m%Y ) is earlier.

 

 

https://devcentral.f5.com/wiki/iRules.class.ashx

 

http://www.tcl.tk/man/tcl8.4/TclCmd/clock.htm

 

 

Aaron

Thanks Aaron

 

 

I am going to give this a bash today and see how I get on.

 

 

Regards

 

Sounds good. Let us know if you get stuck.

 

 

Aaron

I have managed to get the date check working and now 'expired' hosts get sent to a notfound page:

 

when HTTP_REQUEST {

 

 

set debug 1

 

set datecheck CLASS_DATE_CHECK

 

set today [clock format [clock seconds] -format {%Y%m%d} ]

 

set expiry_date [class match -value [string tolower [HTTP::uri]] starts_with $datecheck]

 

set uriexpired 0

 

 

if {($expiry_date < $today)} {

 

set uriexpired 1

 

}

 

 

 

if {($uriexpired equals "1") and ([HTTP::uri] equals [class match -name [string tolower [HTTP::uri]] starts_with $datecheck])} {

 

if {$debug > 0} {

 

log local0. "uri=[HTTP::uri] and Classmatch=[class match -name [string tolower [HTTP::uri]] starts_with $datecheck]"

 

}

 

HTTP::respond 302 noserver Location "http://www.test.com/notfound"

 

 

 

Still looking at the URI part though. My customer wants to publish a random string before the actual 'real' uri.

 

 

i.e. http://www.test.com/123456789/testsite1

 

 

I need to remove the /123456789 before passing to pool and then add it back in before responding to clients.

 

As the string will be randomly generated I cannot use a string replace.

 

I was looking at stream profile's too but not sure which option would work best?

 

Any thoughts?

 

I need to remove the /123456789 before passing to pool and then add it back in before responding to clients. can we strip off random string using "scan" command and set new uri using "HTTP::uri" command? i do not think we need to put random string back because HTTP::uri does not change uri in browser.

% set uri "/123456789/testsite1"
/123456789/testsite1
% scan $uri {/%*[^/]%s} real
1
% put $real
/testsite1

HTTP::uri wiki

https://devcentral.f5.com/wiki/iRules.HTTP__uri.ashx

hope this helps.

Nitass - thanks for response.

 

 

Not sure I follow this though ?

 

% set uri "/123456789/testsite1"

 

/123456789/testsite1

 

% scan $uri {/%*[^/]%s} real

 

1

 

% put $real

 

/testsite1

 

 

I was looking at doing this

 

 

if {[HTTP::uri] starts_with "/xxl"} {

 

HTTP::uri [string range [HTTP::uri] 9 end]

 

 

Which would mean they would need to start their random string withh xx and IRULE would strip off the characters.

 

 

I could then add this back in under HTTP response?

 

 

 

 

I noticed that you're using a 302 to send people to the Not Found page:

 

HTTP::respond 302 noserver Location "http://www.test.com/notfound"

 

Depending on how that page is handled you may be sending a 200 OK instead of a 404 (or 410), which can cause all kinds of issues (e.g. monitoring, SEO).

 

Also, if the URL will never be used again you'll want to use a 301 instead of a 302.

 

 

 

Thanks Arie

 

 

We use the 302/Notfound on a lot of our sites and I am not aware of any issues.

 

Also - the URL depnds on what they have entered so it's not guaranteed to be a 301.

 

 

Regards

 

 

Graham

 

I could then add this back in under HTTP response? i do not think you have to add random string back in response because response does not contain uri.

e.g.

[root@ve10:Active] config  curl -I http://173.194.38.151 -H "Host: www.google.com.sg"
HTTP/1.1 200 OK
Date: Sat, 26 Jan 2013 05:36:46 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=626f6a4a1383b4d0:FF=0:TM=1359178606:LM=1359178606:S=HiBcK-bkAGzoSgye; expires=Mon, 26-Jan-2015 05:36:46 GMT; path=/; domain=.google.com.sg
Set-Cookie: NID=67=PQ8Uh28-eIqGM8pHjg7epoVjKgqvs8OGq4gYUr1-rFpuOIwN2nGWBy72iIpF2nqlEu51v6KDfWHnlKl2bDeAhyQsSllHNjHlvMf972l8ho46SU8rBcZFlSqXRpkSdfm6; expires=Sun, 28-Jul-2013 05:36:46 GMT; path=/; domain=.google.com.sg; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked