Forum Discussion

Domai
May 06, 2016

Block uri iRule review....Pls

Hello, I just have a simple requirement, i.e. to allow only certain URIs. I just want to check whether the iRule below will do the trick and not cause any problems...

===========================================================================

when HTTP_REQUEST {
    if { [class match [HTTP::uri] ne "allowed_uris"] } {
        drop
    }
}

===========================================================================

And I create a data group called "allow_uri's" with /sales, /reports, /data.

Will the above iRule block www.abc.com/sales/1quarter/check? Since I did not specify the second part of the URI, should I also add "/sales/1quarter/check?" to the data group, or just add "/sales/*"?

What are the pros and cons of using drop vs reject? I know reject sends a notification back saying invalid request.

Thank you.

1 Reply

  • Hello,

    To get the URI part without the query string, you should use HTTP::path instead.

    The drop and discard commands cause the client to time out because nothing is sent to the client.

    reject sends a TCP reset to the client.

    When using HTTP/HTTPS, I prefer to answer with an HTTP error instead of a TCP action.

    And I would recommend using starts_with or contains instead of ne for the condition in the class match.
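
An added example, not code from the original thread, that combines the reply's suggestions (HTTP::path, starts_with, an HTTP error response) into one iRule. It assumes a string data group named allowed_uris holding /sales, /reports and /data, and it goes one step beyond the thread by checking that the match ends on a path-segment boundary.

```tcl
when HTTP_REQUEST {
    # Path only: the query string after "?" plays no part in the decision.
    set path [HTTP::path]

    # Name of the matching data group entry, or "" when nothing matches.
    # Assumption: allowed_uris is a string data group with /sales, /reports, /data.
    set prefix [class match -name -- $path starts_with allowed_uris]

    # Accept an exact match or a match that ends on a "/" boundary, so that
    # /sales/1quarter/check passes while /salesforce does not.
    set allowed 0
    if { $prefix ne "" } {
        set next [string index $path [string length $prefix]]
        if { $next eq "" || $next eq "/" } {
            set allowed 1
        }
    }

    if { !$allowed } {
        # Answer at the HTTP layer instead of drop (client timeout) or reject (TCP reset).
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain" "Connection" "close"
        return
    }
}
```

With starts_with, the data group needs only the prefixes themselves; entries such as "/sales/*" are compared literally and would not act as wildcards.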