Pawel_1533
Jun 04, 2008

URL check in Forwarding IP VS

Hi All,

I'm looking for a way to give servers behind the F5 access to external resources (Internet). Those servers currently run as pool members serving HTTP services. I've created a new Forwarding IP virtual server so they can initiate outgoing connections. However, I'd like to limit that access to certain URLs, like google.com or some other RSS feeds. Is it possible to limit it somehow using iRules or other BIG-IP functionality? I cannot achieve the same using firewall rules, as URLs usually convert to many (and changing from time to time) IPs.

Regards,

Pawel

2 Replies

  • Hi Pawel,

    If you want to parse the HTTP content from the outbound requests, you'd need to apply an HTTP profile to the VIP. It would probably be easiest to create a second wildcard VIP (destination: 0.0.0.0, mask 0.0.0.0) on port 80 only with a type of 'standard' and then use a rule to parse the HTTP host and/or URI to make decisions about whether to allow the connection to continue. You'd want to disable address translation on the VIP and either forward the traffic from the iRule or set the pool to one containing the BIG-IP's default gateway. This wouldn't work if the connection was encrypted (HTTPS) as you couldn't decrypt the requests to arbitrary hosts. The rule could reference a class (called a datagroup in the GUI) named allowed_http_hosts:

      class allowed_http_hosts {
         "google.com"
         "example.com"
      }

      when HTTP_REQUEST {
         # Check if requested host is allowed
         if {[matchclass [string tolower [HTTP::host]] contains $::allowed_http_hosts]}{
            log local0. "[IP::client_addr]:[TCP::client_port] allowed request to [HTTP::host][HTTP::uri]"
            forward
         } else {
            log local0. "[IP::client_addr]:[TCP::client_port] rejected request to [HTTP::host][HTTP::uri]"
            reject
         }
      }

    Aaron
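As an added example (not part of Aaron's reply), here is the same Host-header check written for the v10+ `class match` syntax and anchored so that only an allowed host or one of its subdomains passes, since a `contains` match is a substring match and also accepts names that merely include the allowed host. It assumes a string data group named allowed_http_suffixes whose entries carry a leading dot (".google.com", ".example.com") and a VIP whose pool is the BIG-IP's default gateway, as described above.

```tcl
# Added example, not the original reply's iRule: allow-listing of outbound
# HTTP by Host header on the standard wildcard VIP described above.
# Assumes BIG-IP v10+ "class match" syntax and a string data group named
# allowed_http_suffixes whose entries carry a leading dot, e.g.
#   ".google.com"
#   ".example.com"
# (the data group name and its contents are assumptions for this example).
when HTTP_REQUEST {
    # Normalise the Host header: lower-case and drop an explicit ":port"
    set host [string tolower [HTTP::host]]
    set host [lindex [split $host ":"] 0]

    # Prefix the host with a dot and test ends_with, so that
    #   "google.com" and "www.google.com"  match ".google.com"
    #   "notgoogle.com"                    does not (no dot boundary)
    #   "google.com.other.example"         does not (wrong suffix)
    # A plain "contains" match would have accepted the last two.
    if { $host ne "" && [class match ".$host" ends_with allowed_http_suffixes] } {
        log local0. "[IP::client_addr]:[TCP::client_port] allowed [HTTP::method] to $host[HTTP::uri]"
        # Allowed: let the request go to the VIP's pool (the default gateway)
        return
    }

    log local0. "[IP::client_addr]:[TCP::client_port] rejected [HTTP::method] to $host[HTTP::uri]"
    # Answer with an explicit 403 rather than a silent reset so the client sees why
    HTTP::respond 403 content "Outbound access to this host is not permitted\r\n" "Connection" "close"
}
```

The rejected-request log lines give a ready-made audit trail of which internal servers attempted to reach hosts outside the allow list.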