Forum Discussion
Lee_Sutcliffe
Jan 24, 2018Nacreous
Updated post with fully working iRule using datagroup
Datagroup:
ltm data-group internal restricted_dg {
records {
restricted {}
}
type string
}
Testing
curl --data "param1=restricted¶m2=notrestricted" http://10.1.1.1
Jan 24 14:13:20 BIGIP info tmm1[19064]: Rule /Common/ls-http-collect : Rejecting restricted content
iRule:
when HTTP_REQUEST {
if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
set content_length [HTTP::header value "Content-Length"]
} else {
set content_length 1048576
}
if { $content_length > 0} {
if {[HTTP::method] eq "POST"} {
HTTP::collect [HTTP::header "Content-Length"]
}
} else {
log local0. "ERROR! Content Length = $content_length"
}
}
when HTTP_REQUEST_DATA {
set payload [HTTP::payload]
if {[class match $payload contains "restricted_dg"]} {
log local0. "Rejecting restricted content"
reject
}
}