jtalkington_476
Sep 02, 2010 Nimbostratus
Apache migration to iRule
Been handed the following from Apache to migrate to an iRule:
Only allow access to files in the following specific directories. The '[^/]+$' on
the end of each entry prevents any subdirectories of that directory from being
implicitly allowed.
RewriteCond %{REQUEST_URI} !^/[^/]*$
RewriteCond %{REQUEST_URI} !^/curriculum_images/[^/]+$
RewriteCond %{REQUEST_URI} !^/images/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/articles/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/dhs/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/FNF/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/FNF/cis/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/FNF/compliance/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/icons/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/icons2/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/wiki_up/cis.fnf.com/[^/]+$
RewriteCond %{REQUEST_URI} !^/lib/[^/]+$
RewriteCond %{REQUEST_URI} !^/lib/Galaxia/img/icons/[^/]+$
RewriteCond %{REQUEST_URI} !^/styles/[^/]+$
Need to allow arbitrary subdirectory trees under '/training'.
RewriteCond %{REQUEST_URI} !^/training/
Deny anything that didn't match the above.
RewriteRule .* /proxy_denied.txt [L]
Also specifically deny access to https://cis.fnf.com/tiki-index.php?page=AdminPage
(or variations).
RewriteCond %{QUERY_STRING} AdminPage
RewriteRule .* /proxy_denied.txt [L]
And specifically deny access to scripts containing 'admin' anywhere in the name.
RewriteRule admin.*\.php$ /proxy_denied.txt [L]
And finally, block requests containing strange characters in the script name
portion (we should probably be checking the query string portion too, but we would
need to be very careful about the allowed character set, which would be
broader than this list).
RewriteRule [^-A-Za-z0-9_/.()\ ] /proxy_denied.txt [L]
I've created most of the rule, but this last part is giving me problems; not sure how to write this to allow only A-Za-z0-9_/.()\ and deny everything else. Any suggestions?
The rules for compliance.fnf.com are the same except without these two lines:
RewriteCond %{REQUEST_URI} !^/img/dhs/[^/]+$
RewriteCond %{REQUEST_URI} !^/img/wiki_up/cis.fnf.com/[^/]+$
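One way to express the rule set above as an iRule, including the character check from the last RewriteRule (an added example, not part of the original post and not F5's own code). It assumes BIG-IP v10 or later for the `static::` namespace, covers the cis.fnf.com list only, and answers with a 403 from the BIG-IP instead of rewriting to /proxy_denied.txt; the variable names and response text are illustrative.

```tcl
# Added example; names and the 403 response are assumptions, not from the post.
when RULE_INIT {
    # Directories whose direct children are allowed (the ^/dir/[^/]+$ entries).
    # Compared literally, so the dots in cis.fnf.com match only a dot.
    set static::allowed_dirs {
        /curriculum_images /images /img /img/articles /img/dhs /img/FNF
        /img/FNF/cis /img/FNF/compliance /img/icons /img/icons2
        /img/wiki_up/cis.fnf.com /lib /lib/Galaxia/img/icons /styles
    }
}
when HTTP_REQUEST {
    # Apache tests the decoded URL-path, so decode once before matching.
    set path [URI::decode [HTTP::path]]
    set deny 0

    # Split into directory and last segment: "/img/a.png" -> "/img" and "a.png".
    if { ![regexp {^(.*)/([^/]*)$} $path -> dir file] } {
        set deny 1   ;# path without any slash
    } elseif { $dir eq "" } {
        # Site root: "/" itself or a file directly under it is allowed.
    } elseif { [string match "/training/*" $path] } {
        # Arbitrary subdirectory trees under /training/ are allowed.
    } elseif { $file eq "" || [lsearch -exact $static::allowed_dirs $dir] < 0 } {
        set deny 1   ;# directory not listed, or nothing after the last slash
    }

    # Query string mentions AdminPage (case-sensitive, like the RewriteCond).
    if { [string first "AdminPage" [HTTP::query]] >= 0 } { set deny 1 }
    # Script name has "admin" somewhere before a trailing ".php".
    if { [regexp {admin.*\.php$} $path] } { set deny 1 }
    # Any character other than - A-Z a-z 0-9 _ / . ( ) or space.
    if { [regexp {[^-A-Za-z0-9_/.() ]} $path] } { set deny 1 }

    if { $deny } {
        HTTP::respond 403 content "Access denied" "Content-Type" "text/plain"
    }
}
```

Inside Tcl braces the space needs no backslash; the `\ ` in the Apache pattern only keeps the config parser from splitting the argument. Because `%` is not in the allowed set, a path that still contains an encoded sequence after one decode is denied by the character check.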