Forum Discussion
Kai_Wilke
Dec 10, 2015MVP
Hi Chris,
- the "contains" operator is acutally a "/web/verificationService" wildcard.
- the "starts_with" operator is acutally a "/web/verificationService*" wildcard.
- the "ends_with" operator is acutally a "*/web/verificationService" wildcard.
- the "equals" operator doesn't include any wildcards.
So you may want to change your code to use the "starts_with" operator to optimize accuracy and also performance.
when HTTP_REQUEST {
Base URL for filter
set restricted_url "/web/verificationService"
set redirected_url "/web"
Get the source IP.
set source_IP [IP::remote_addr]
If the request includes the restricted_url...
if { ([HTTP::uri] starts_with "$restricted_url") } {
Compare the the source IP against a list of internal IP addresses.
if { [IP::addr $source_IP equals 10.57.32.0/255.255.255.0] or
[IP::addr $source_IP equals 10.62.62.18/255.255.255.255] or
[IP::addr $source_IP equals 10.57.30.0/255.255.255.0] } {
The source IP is internal. Allow the request.
log local0. "Access to $restricted_url allowed. Source IP: $source_IP"
} else {
The source IP is not internal. Redirect the request.
log local0. "Access to $restricted_url redirected. Source IP: $source_IP"
HTTP::redirect "https://[getfield [HTTP::host] ":" 1]$redirected_url"
}
}
}
Cheers, Kai