Forum Discussion

David_Leach_148's avatar
David_Leach_148
Icon for Nimbostratus rankNimbostratus
Mar 26, 2014
Solved

I rule to only allow GETs to elastic

We presently don't have any iRules in place so I'm a little new to this. What we're wanting is to only allow GETS to a particular virtual host and to drop all other types of requests.

 

What is the best way to achieve this?

 

Any assistance appreciated.

 

We have a BIGIP 1600

 

APM
application delivery
devops
iRules
security
  • Richard__Harlan's avatar
    Richard__Harlan
    Mar 26, 2014

    You could do something simple like

    when HTTP_REQUEST {
    if { [HTTP::method] equals "GET" } {
       pool 
       } else {
         HTTP::respond 405 "Method not allowedMethod not allowed"
         }
}

5 Replies

Sort By
  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    Mar 26, 2014

    You could do something simple like

    when HTTP_REQUEST {
    if { [HTTP::method] equals "GET" } {
       pool 
       } else {
         HTTP::respond 405 "Method not allowedMethod not allowed"
         }
}
    • David_Leach_148's avatar
      David_Leach_148
      Icon for Nimbostratus rankNimbostratus
      Mar 26, 2014
      Oh, we still want GET request to go to all other webservers. It's only the one pool we want to restrict to only having GETS. So would we do something like this... when HTTP_REQUEST { if { [HTTP::method] equals "GET" } && { [pool equals elastic]}{ pool elastic } else { HTTP::respond 405 "Method not allowed" } }
  • safeinst_110941's avatar
    safeinst_110941
    Icon for Cirrus rankCirrus
    Mar 26, 2014
    when HTTP_REQUEST {
if { ![[HTTP::method] equals "GET"] } {
   drop
   } 
}

    Richard, I like where you are going with that iRule, you might want to simplify it down to something like above.

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Mar 26, 2014

    The original request mentioned virtual Hosts so perhaps the Host headers should be referenced?

    when HTTP_REQUEST {
    if {[HTTP::host] eq "mysite.com"} {
        if { ![[HTTP::method] equals "GET"] } {
            drop
        } 
    }
}