Forum Discussion

Joe_Pipitone's avatar
Joe_Pipitone
Icon for Nimbostratus rankNimbostratus
Jan 28, 2013

Block appended portions of URI

We have a site in particular where we'd like to only allow a certain few strings to display our webpages, and anything after those strings gets blocked.

For example:

http://ourwebsite.com/directoryinformation/something?something -> gets blocked

http://ourwebsite.com/directoryinformation/ -> Allowed

http://ourwebsite.com/anothersection/ -> Allowed

As far as where to start - would I need to get into string matching, or some type of character matching? I know how to match the string and redirect if needed, however I don't know how I would block further requests if more data is appended to the end of the uri.

For instance - it is my understanding that matchclass is no longer being used in v10 - we are running v10.2.3. So I could create a data group and check to see if these strings match?

Essentially, we would need to accept a URL with the following directories, and pass them through unchanged:

class
match [
HTTP::uri
] 
ends_with
directoryinformation

class
match [
HTTP::uri
] 
ends_with
anothersection

class
match [
HTTP::uri
] 
ends_with
forums

I appreciate any guidance.

application delivery
dev
devops
iRules

2 Replies

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Jan 28, 2013
    Hi Joe,

     

    THere are several ways you can approach this. The following is a simple example of the structure of using an irule to block specific paths in the URI

     

     

     

    class blocked_uri {

     

    "something"

     

    "somethingelse"

     

    }

     

     

     

    when HTTP_REQUEST {

     

    if { { [class match [string tolower [HTTP::path]] ends_with blocked_uri ] } {

     

    reject

     

    }

     

    }

     

    [HTTP::path] can be replaced with other commands

     

     

    I hope this helps

     

     

    =Bhattman=
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    Jan 29, 2013
    Thank you! I was close, I was using HTTP::uri, but I see now why you used path.

     

     

    Would this solution allow for us to allow "something" to pass through, but block "something?whatever.aspx" - meaning, if someone doesn't specifically type "something" then they are rejected?

     

     

    Ideally someone going to http://oursite.com/something would be allowed, however http://oursite.com/something?somethingelse would be rejected - this class match would consider this a rejected URI, right?

     

     

    I'll do some testing on my end and see what I can come up with. Thank you again.