Forum Discussion

6 Replies

  • when HTTP_REQUEST {
        if {[string tolower [HTTP::query]] contains "redirect=/admin"} {
            HTTP::respond 404
        }
    }
    
  • If by limited you mean rejected:

    when HTTP_REQUEST {
        if { [HTTP::uri] contains "login" } {
            HTTP::close
        }
    }
    
  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account

    If you want one uri to come to the F5 and another uri to bypass the F5, that's impossible, since a DNS server only gets a host name name and the uri is at a different (higher) layer. The best you could do is have the F5 send the traffic from one uri to one pool, and another uri to a different pool, but it still has to traverse the F5.

     

    If your meaning is different, please describe more clearly.

     

  • Updated to include checking of source IP address:

    when RULE_INIT {
        set static::admin_datagroup "admin_datagroup"
    }
    when HTTP_REQUEST {
        if {[string tolower [HTTP::query]] contains "redirect=/admin"} {
            if { ! [class match [IP::client_addr] equals $static::admin_datagroup] } {
                HTTP::respond 404
            }
        }
    }
    
  • You can replace condition

    [string tolower [HTTP::query]] contains "redirect=/admin"
    

    with (this will search

    redirect
    parameter in query string and filter on the parameter value)

    [string to lower [URI::query [HTTP::uri] redirect]] starts_with "/admin"
    

    or

    [string to lower [URI::query [HTTP::uri] redirect]] equals "/admin"
    

    One other recommendation is to filter on HTTP::path instead of HTTP::uri if login string is in path part of the URI.

    The final iRule can be:

    when RULE_INIT {
        set static::admin_datagroup "admin_datagroup"
    }
    when HTTP_REQUEST {
        if {([HTTP::path] ends_with "/login/") && ([string to lower [URI::query [HTTP::uri] redirect]] starts_with "/admin")&& ! [class match [IP::client_addr] equals $static::admin_datagroup]} {
                HTTP::respond 404
        }
    }