Ok, we finally got it work the way we wanted.
We had to make it an and because of the negative logic we were working with.
when HTTP_REQUEST {
if {![class match [string tolower [HTTP::uri]] starts_with SplunkTest] and [HTTP::uri] ne "/" } {
HTTP::respond 200 content "TEST PERMISSION DENIED TO: [HTTP::uri] "
}
}
Once we figured out the solution we changed the logic to make it easier to a positive with the following
when HTTP_REQUEST {
if {[class match [string tolower [HTTP::uri]] starts_with SplunkTest] or [HTTP::uri] eq "/" }{
return
} else {
HTTP::respond 200 content "TEST 13 PERMISSION DENIED TO: [HTTP::uri] "
}
}
All is now functioning correctly and the site loads at speeds that are normal.
Thanks again for everyones help. DevCentral is so very valuable to the F5 solutions.
Jeff