Can I have a data group, with "data group" members
Hi;
I am trying to have an i-rule that checks for URLs in a data group, then based on the URL value it allows certain methods.
For example, the URL path /abc/xyz/ can have GET and POST. However a different URL path can only have GET.
It would be great if I can check the URL against a certain data group of URLs and then for each URL in this data group, there is a specific data group of http methods.
I guess more like a two dimensional array or like a data group of URLs but each member is a "URL and its associated methods".
Or a data group with "data group" members, each member is referenced by a URL and has a list of methods.
Kindly
Wasfi
I did a quick test and this seems to work pretty well. You'll want to use an "allow list" rather than a "block list" for security reasons.
Of course all code should be thoroughly tested before use in production. Use at your own risk.
when HTTP_REQUEST { set uri_path_name [string tolower [HTTP::uri] ] set http_method [string toupper [HTTP::method] ] set allowed_methods [class match -value $uri_path_name equals http_method_allowlist ] log local0. "Allowed methods: $allowed_methods for URI: ${uri_path_name}, this request is ${http_method}" if { [expr { ${allowed_methods} contains ${http_method} } ] } { log local0. "allow" return } else { log local0. "disallow" reject return } }