Forum Discussion
21 Replies
- hooleylist (Cirrostratus): With an IIS-based application, it's particularly difficult to handle all of the different encoding attacks in an iRule that a malicious user could send in the URI. See this post for some example iRules and sample obfuscation methods:
- Eric_Frankenfie (Nimbostratus): Where do I define the variable for the white list of allowable IP addresses?
- hooleylist (Cirrostratus): You can define the IP addresses or subnets in a datagroup of type: address in the GUI under Local Traffic >> iRules >> Datagroup List. If you're on 9.4.4 or higher, you should reference the datagroup name without the $:: prefix in older examples to allow for CMP compatibility.
- Eric_Frankenfie (Nimbostratus): So, would I just call the data group (testapiAllowList) by name like this?

```tcl
when HTTP_REQUEST {
    if { [matchclass [string tolower [HTTP::path]] contains '/testapi.aspx'] } {
        if { !([matchclass [IP::client_addr] equals testapiAllowList])} {
            discard
        } else {
        }
    }
```
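- hooleylist (Cirrostratus): That's close. Here's something to try:

```tcl
when HTTP_REQUEST {
    # Match the protected page regardless of the case used in the request
    if { [string tolower [HTTP::path]] contains "/testapi.aspx" } {
        # Drop the request unless the client IP is in the address datagroup
        if { !([matchclass [IP::client_addr] equals testapiAllowList])} {
            discard
        }
    }
}
```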
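An added example, not part of the original thread: a variant of the iRule above that percent-decodes the path until it stops changing before the match, which addresses one class of the encoding problem raised in the first reply. The 5-pass cap and the log messages are assumptions; this covers nested percent-encoding and letter case only, not every encoding an IIS back end may accept.

```tcl
when HTTP_REQUEST {
    # Decode the path repeatedly so nested percent-encoding collapses to
    # the form the back end will eventually see. Cap the passes (assumed
    # value: 5) so a crafted request cannot keep the loop running.
    set path [HTTP::path]
    set stable 0
    for { set i 0 } { $i < 5 } { incr i } {
        set next [URI::decode $path]
        if { $next eq $path } {
            set stable 1
            break
        }
        set path $next
    }
    set path [string tolower $path]

    # A path that is still changing after 5 passes is not normal client
    # behaviour: fail closed rather than guess what it decodes to.
    if { !$stable } {
        log local0. "Path from [IP::client_addr] still encoded after 5 decode passes, dropping"
        discard
        return
    }

    # Same allow-list check as the iRule above, applied to the decoded path.
    if { $path contains "/testapi.aspx" } {
        if { !([matchclass [IP::client_addr] equals testapiAllowList]) } {
            log local0. "Blocked [IP::client_addr] from $path"
            discard
        }
    }
}
```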
- Eric_Frankenfie (Nimbostratus): Thank you very much for your help and patience! I am new to iRules and really appreciate all the help I have received on DevCentral.
- iruler_85849 (Nimbostratus): OK, I am trying to work on an iRule to allow an IP to a URI that contains matches a word in the path, but I am having no luck. This is the iRule I have in place
- Kevin_Stewart (Employee): So you're saying, "if the requested path contains the string '/myword' and the client IP is NOT 127.0.0.01, then send a 'URL Blocked' message". Is this your intention?

```tcl
when HTTP_REQUEST {
    # Log what the iRule actually sees for each request
    log local0. "Path = [string tolower [HTTP::path]]"
    log local0. "Client IP = [IP::client_addr]"

    if { [IP::addr [IP::client_addr] equals 127.0.0.01/32] } {
        log local0. "Local client IP"
    }

    # Block the path for every client except the allowed address
    if { ( [string tolower [HTTP::path]] contains "/myword" ) and not ( [IP::addr [IP::client_addr] equals 127.0.0.01/32] ) } {
        log local0. "dropped"
        HTTP::respond 200 content "URL Blocked"
    }
}
```
- iruler_85849 (Nimbostratus):
Kevin,
Yes, you are correct with the understanding.
I do want to thank you for your help.
Turning on the extra logging I see my trigger word is not staying in the URI when I am being moved from one VS to the other VS.
Again, thank you.