Forum Discussion

jokragly
Jun 22, 2010

Need assistance creating iRule to restrict or allow specific URLs

For instance, we have an iRule that does a simple HTTP to HTTPS redirect. Now we need to restrict access so that you can only hit https://mysite.com/analytics and nothing else.

We need an implicit deny except if you match the URL above.

    when HTTP_REQUEST {
       if { [HTTP::host] eq "test.mysite.com" } {
          # Allow /analytics and the site root, answer everything else with an error page
          if { ([HTTP::path] starts_with "/analytics") or ([HTTP::path] eq "/") } {
             return
          } else {
             HTTP::respond 200 content "ErrorError No Access to: [HTTP::uri]"
          }
       }
    }

3 Replies

  • It would be simplest if you configured one HTTP VS and one HTTPS VS. You could then redirect all requests to the HTTP VS to HTTPS using an iRule like this:

    
    when HTTP_REQUEST {
       HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
    }
    

    You can use a separate iRule for the HTTPS VS to only allow access to the /analytics URI:

    
    when HTTP_REQUEST {

       # Check if URI is not exactly /analytics
       if {not ([HTTP::uri] eq "/analytics")}{

          reject
       }
    }
    

    Aaron
  • Here is an example that you can apply to both your HTTP and HTTPS Virtual Servers.

    If it is not HTTPS, then it will redirect to HTTPS.

    If the [HTTP::host] does not match exactly or the [HTTP::uri] does not start with "/analytics" then it will do one of the actions I have commented out. You could choose the best action for your situation and alter it to your needs.

    
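    when HTTP_REQUEST {
       # Not on the HTTPS listener: redirect to HTTPS (port stripped from the host)
       if { [TCP::local_port] != "443" } {
          HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
          # Stop here so no second response is attempted for this request
          return
       }
       if { !([HTTP::host] equals "mysite.com") or !([HTTP::uri] starts_with "/analytics") } {
          # Uncomment exactly one of the following actions
          # HTTP::respond 403
          # HTTP::redirect http://www.google.com
          # HTTP::respond 301 Location "http://www.google.com"
          # HTTP::respond 200 content "ErrorError No Access to: [HTTP::uri]"
          # drop
          # reject
       }
    }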
    
  • Thank you for the suggestions gentlemen, I will give this a try.
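
An added example, not part of the original thread: a default-deny iRule for the HTTPS virtual server that combines the checks from the two replies. It matches on `[HTTP::path]` so a query string does not defeat the exact match, and it anchors the prefix at a `/` boundary so `starts_with` does not admit `/analyticsfoo`; the host name and path come from the question, while the response body and log message format are assumptions.

```tcl
# Added example (not from the thread). Attach to the HTTPS virtual server only.
# From the question: host "mysite.com", path "/analytics".
# Assumed for illustration: the 403 body text and the log message format.
when HTTP_REQUEST {
    # The Host header may carry a port and mixed case; compare the bare name.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string, so /analytics?id=1 is still matched.
    set path [HTTP::path]

    # Default deny: only an explicit match below flips this to 1.
    set allowed 0

    if { $host eq "mysite.com" } {
        switch -glob -- $path {
            "/analytics" -
            "/analytics/*" {
                # Exact path or a sub-path behind a "/" boundary.
                # "/analyticsfoo" matches neither pattern.
                set allowed 1
            }
        }
    }

    # Refuse dot-segments (raw or percent-encoded) so the prefix match cannot
    # be sidestepped by path normalisation further down the chain.
    if { [string match "*..*" $path] || [string match -nocase "*%2e*" $path] } {
        set allowed 0
    }

    if { !$allowed } {
        # Log the denial so blocked requests are visible in /var/log/ltm.
        log local0. "Denied [IP::client_addr] host=[HTTP::host] uri=[HTTP::uri]"
        HTTP::respond 403 content "Access denied" "Content-Type" "text/plain"
        return
    }
}
```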