Forum Discussion

Ravager's avatar
Ravager
Icon for Altostratus rankAltostratus
Nov 19, 2019

LTM redirection at directory level

Hopefully an easy query for someone.

 

What is the correct secure way to ensure users cannot access top level folders on a webserver.

 

ie have https:\\xxx.com with 3 sites \site1, \site2, \site3

 

I need to create 3 virtual servers that only allow traffic to each of the paths and anything under that level.

Plus a second optional requirement for some of them they all have different certificates so if you say type site1.com you get redirected to site1.com\site1 without seeing the \site1

 

Thank you.

ASM Advanced WAF
LTM
security

4 Replies

Sort By
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Nov 19, 2019

    Hi Ravager,

    If you have one domain:

    when HTTP_REQUEST {
	if { [HTTP::host] equals "xxx.com" and [HTTP::uri] equals "/" } {
		drop
		# or redirect
		# HTTP::redirect "https://xxx.com/xyz.html"
	}
}

    If you have 3 domains, you can try this iRule:

    when HTTP_REQUEST {
	if { [HTTP::uri] equals "/" } {
		switch -glob [HTTP::host] {
			"site1.com" { HTTP::uri "/site1" }
			"site2.com" { HTTP::uri "/site2" }
			"site3.com" { HTTP::uri "/site3" }
		}
	}
}
  • Ravager's avatar
    Ravager
    Icon for Altostratus rankAltostratus
    Nov 20, 2019

    Thanks for the answer, I suspect thats not going to prevent someone from typing something like site.com/default ? I am trying to also prevent people from accessing anything but the /path and downwards?

  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Nov 20, 2019

    You can block all uri not starts with site1, site2, site3.

    when HTTP_REQUEST {
	switch -glob [HTTP::uri] {
		"/site1*" -
		"/site2*" -
		"/site3*" { }
		default { drop }
	}
}