Blocking the URL

Dear Dev Team,

 

 

Could you pls help in blocking any request coming to F5 with this format: http://www.xyz.com.us/portalu/connectOTS

 

 

 

Best Regards,

 

Adam

it should look like this. anyway, i've not yet tested it.

when HTTP_REQUEST { 
   if {([string tolower [HTTP::host]] equals "www.xyz.com.us") \
      and ([string tolower [HTTP::uri]] equals "/portalu/connectots")} {
      drop
   }
}

Yep, that'd do it. You could also change that to a reject, if you want to notify the client that the connection didn't go through, or you could do an HTTP::respond if you want to get really fancy and send some kind of customized error message.

 

 

That logic, however, is solid.

 

 

Colin

Please read hoolio's post on URL obfuscation techniques before relying on this as a holistic security practice:

 

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/30900/showtab/groupforums/Default.aspx31324 Click Here

Dear Steve,

 

 

I m getting the below error on IRule editor.

 

 

line 2: [parse error: PARSE syntax 33 {syntax error in expression " switch -glob [string tolower [HTTP::path]] ": variable references require preceding $}] [{ switch -glob [string tolower [HTTP::path]] }]

 

line 3: [undefined procedure: /xyz/bus*] ["/xyz/bus*" -]

 

line 4: [undefined procedure: /xyz/car*] ["/xyz/car*" {

 

line 8: [undefined procedure: elseif] [elseif { switch -glob [string tolower [HTTP::path]] } {

 

line 15: [command is not valid in the current scope] [} ]

 

See my response in the correct post: https://devcentral.f5.com/internal-forums/aft/2164949.