Forum Discussion

arjun_ankathil_
Apr 08, 2010

HTTP traffic deny - not working.

A request for test.test.com/BluePortServlets/PaymentPortal on HTTP was requested to be dropped. Configured the iRule below and applied it to the VS; however, traffic is still getting through.

rule test_payment_rule

when HTTP_request { if {TCP::local_port != 443 and [HTTP::uri] contains "BluePortServlets/PaymentPortal" }{
drop }

Also, tcpdump output shows POST messages being used to get to BluePortServlets/PaymentPortal.

Can someone please advise on how to drop this HTTP request traffic?

5 Replies

  • Hi Arjun,

    Are you applying this iRule to a port 80 HTTP VIP? If so, can you try this?

    when HTTP_REQUEST {
       log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"
       if {[HTTP::path] contains "BluePortServlets/PaymentPortal" }{
          log local0. "[IP::client_addr]:[TCP::client_port]: Dropping request to [HTTP::uri]"
          drop
       }
    }
    

    Once you're done testing, you can comment out the debug logging.

    Aaron
  • Hi Aaron,

    This didn't work. Also,

    log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]" is giving a syntax error.


  • Hi Aaron,

    This didn't work. Also, log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]" shows a syntax error.
  • Sorry, somehow I had HTTP_REQUEST listed as HTTP_request. Can you try the edited example above?

    Thanks, Aaron
  • Thanks Aaron, my bad, didn't think about that.

    The logs indicate the GET request being dropped, but the user is directly doing an HTTP POST, which still gets through. Any idea on this?

    Rule test_payment_drop : 10.201.49.150:4666: Dropping request to /BluePortServlets/PaymentPortal

    tcpdump output

    140242.291066 167.210.219.37 170.225.49.239 HTTP POST /BluePortServlets/PaymentPortal HTTP/