Forum Discussion

stan_peachey_86's avatar
stan_peachey_86
Icon for Cirrus rankCirrus
Nov 16, 2015
Solved

iRule to remove uri if it starts with a specific path

I'm trying to write an iRule (v11.6) that simply removes the entire uri if someone tries to enter a forbidden path. If host is https://foo.com and they try to add https://foo.com/console or any path that begins with /console/, we want it to strip the uri completeley and just request https://foo.com

This is what I currently have. Is there a better way to strip uri than a redirect, or does this look acceptable? Suggestions are welcome and appreciated.

when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/console" } {
  HTTP::redirect https://[HTTP::host]
 }
}
application delivery
iRules
LTM
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Nov 16, 2015

    A redirect is good here if you don't want to issue a 403. If you are going to use a redirect I would suggest a 301 to minimize on repeat traffic from users. 301 is a permanent redirect and the browser will do an internal redirect next time the browser visits vs 302 the browser will always hit your VIP to get the redirect.

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/console" } {
        HTTP::respond 301 noserver Location "https://[HTTP::host]"
    }
}

6 Replies

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Nov 16, 2015

    Stan,

    What about:

    when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/console" } {
  HTTP::uri "/"
 }
}

    My lab is down at the moment so can't test but should work.

    N

  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Nov 16, 2015

    With redirect, user will get a 30x. So, you will have more requests and connections.

     

    Nathan changes URI by a new one for the same connection. Faster and less consuming.

     

  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Nov 16, 2015

    A redirect is good here if you don't want to issue a 403. If you are going to use a redirect I would suggest a 301 to minimize on repeat traffic from users. 301 is a permanent redirect and the browser will do an internal redirect next time the browser visits vs 302 the browser will always hit your VIP to get the redirect.

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/console" } {
        HTTP::respond 301 noserver Location "https://[HTTP::host]"
    }
}
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 16, 2015

    A redirect is good here if you don't want to issue a 403. If you are going to use a redirect I would suggest a 301 to minimize on repeat traffic from users. 301 is a permanent redirect and the browser will do an internal redirect next time the browser visits vs 302 the browser will always hit your VIP to get the redirect.

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/console" } {
        HTTP::respond 301 noserver Location "https://[HTTP::host]"
    }
}