Forum Discussion

Michael_Mau_108's avatar
Michael_Mau_108
Icon for Nimbostratus rankNimbostratus
Feb 16, 2008

REGEXP parsing URI

Hello all,

 

I have a customer who assigns each of his 100+ users with a service name, so he is able to indentify who each customer group is, and what environment they are trying to access (acceptance, test, or production. And example is XML_TCPP_T (test example). This service name is always capitol, and always the first part of the URI.

 

I have created an I-rule that should compare this service name, and reject requests based on whether it matches or not; but and having problems. I am not showing any errors in the i-rule stats, but the customer is saying requests that should be rejected are passing though.

 

We are currently using v.9.0.1, but have certified and are upgrading to v9.3.1 shortly. The only thing I can think of, is the "discard" line is not working as expected. I was hoping someone could take a look at my i-rule, or was wondering if there are any known errors with the discard command in my current version.

 

when HTTP_REQUEST {

 

if { [regexp matches_regex {XML_[A-Z]*_(P|T)} [HTTP::uri]] }

 

{

 

discard

 

}

 

}

 

 

Thanks for any unsight you can provide.

 

-Mike
application delivery
dev
devops
iRules

4 Replies

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Feb 17, 2008
    Hi Mike,

     

     

    Regular expressions take too long. I think you can get this done by performing the following

     

     

     

    switch [HTTP::uri] {

     

    "XML_[A-Z]*_P " {

     

    Do something

     

    }

     

    "XML_[A-Z]*_T" {

     

    Do something

     

    }

     

    }

     

     

    If it doesn't match these 2 switch statements it terminates. There is a 101 article on it.

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=129
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Feb 17, 2008
    Don't forget the "-glob" argument to switch to enable the "file-globbing" matching.

    switch -glob [HTTP::uri] {
  "XML_[A-Z]*_P" {
     do something
  }
  "XML_[A-Z]*_T" {
     do something
  }
  default {
     do something else
  }
}

    If you want to combine the first two cases, you could use either 

    switch -glob [HTTP::uri] {
  "XML_[A-Z]*_[PT]" {
     do something
  }
  default {
     do something else
  }
}

    or

    switch -glob [HTTP::uri] {
  "XML_[A-Z]*_P" -
  "XML_[A-Z]*_T" {
     do something
  }
  default {
     do something else
  }
}

    -Joe

  • Michael_Mau_108's avatar
    Michael_Mau_108
    Icon for Nimbostratus rankNimbostratus
    Feb 18, 2008
    Thanks for the replies. I appreciate it. I still have to put more thought into which version would be the most effective:

     

     

    when HTTP_REQUEST {

     

    switch -glob [HTTP::uri] {

     

    "XML_[A-Z]*_P" -

     

    "XML_[A-Z]*_T"

     

    {

     

    drop

     

    }

     

    default {

     

    pool pool-default

     

    }

     

    }

     

    }

     

    OR

     

    when HTTP_REQUEST {

     

    switch -glob [HTTP::uri] {

     

    "XML_[A-Z]*_T"

     

    {

     

    pool pool-default

     

    }

     

    default {

     

    drop

     

    }

     

    }

     

    }

     

    Either way I go about it, I will have to create a unique i-rule for each unique VIP. Is there any way to send the request to which ever pool is defined within the VIP that the rule is applied to, rather than send to a pool within the I-rule?

     

    Is there any way to say within the rule, to match a URI and reject that request, and if there are no matches, to not use a default statement; or is the request automatically dropped if there is no match for HTTP::uri?

     

    Thanks for the help.

     

  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Feb 18, 2008
    If your iRule doesn't match anything the BIGIP will use the pool defined in your vs configuration.

     

     

    But if you use a default statement in your switch command to discard everything then you'll never use your default pool defined.

     

     

    So if you want to do so you need to use the first statement where you can remove the default statement then. Should look like this

     

     

    when HTTP_REQUEST {

     

    switch -glob [HTTP::uri] {

     

    "XML_[A-Z]*_P" -

     

    "XML_[A-Z]*_T"

     

    {

     

    drop

     

    }

     

    }

     

    }

     

     

    You should even be able to remove the statement "XML_[A-Z]*_P" - since you don't do anything with it. It will save processing.

     

     

    HTH