Forum Discussion

Javier_124486
Sep 30, 2017

iRule and Datagroup with multiple conditions

Hello,

I am trying to create an iRule to drop traffic without using ASM, only LTM. I have four sets of conditions, two of them kind of nested, to execute the drop. "Basically" I have Datagroup ONE with allowed specific URIs, Datagroup TWO with specific disallowed URIs, Datagroup THREE with wildcards for allowed URIs and Datagroup FOUR with wildcards for disallowed URIs (and yes, there are specific entries that match the opposite wildcards).

First set of conditions: Check a URI within Datagroup ONE and within Datagroup TWO. If it is included in Datagroup TWO but NOT in Datagroup ONE, continue with the second set of conditions.

Second set of conditions: Check the same URI within Datagroup FOUR. (Datagroup THREE is not going to be used since the default action is allow.) If it is included in Datagroup FOUR, execute an action (Drop).

I was reading that it is possible to negate a Datagroup at the beginning of the sentence:

```tcl
when HTTP_REQUEST {
    # In the specific deny list, or under a denied wildcard prefix...
    if { [class match [HTTP::uri] equals TWO] || [class match [HTTP::uri] starts_with FOUR] } {
        # ...and not explicitly allowed in the specific allow list
        if { not [class match [HTTP::uri] equals ONE] } {
            drop
        }
    }
}
```

At this point I am not going to use the wildcard for allowed, Datagroup THREE, since the default option will be allow. It may be something easy but I am unable to get it...

1 Reply

  • Hi,

    The better solution is not to create 4 data groups but only 2, with the action in the value.

    • specific_uri with values:
      • /uri1 := allow
      • /uri2 := deny
      • /uri3 := allow
    • wildcard_uri with values:
      • /uri4/ := allow
      • /uri5/ := deny
      • /uri6/ := allow

    Then use this iRule:

    ```tcl
    when HTTP_REQUEST {
        # Exact match first; -value returns the entry's value (allow/deny), or "" if nothing matched
        if {[set policy_status [class match -value [HTTP::uri] equals specific_uri]] equals ""} {
            # No exact entry: fall back to the prefix (wildcard) data group
            set policy_status [class match -value [HTTP::uri] starts_with wildcard_uri]
        }
        switch $policy_status {
            "allow" {
                # do nothing: let the request through
            }
            "deny" {
                HTTP::respond 200 content {Request denied}
            }
            default {
                # no entry in either data group: what is the default value?
            }
        }
    }
    ```
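As an added example (not code from the original post or the reply), here is a stand-alone Python model of the decision logic the reply describes: an exact entry in specific_uri wins, wildcard_uri is the fallback, and the default is allow as the question states. The data-group contents are constructed samples, and the longest-prefix rule for overlapping wildcards is an assumption of this model, not a statement about how `class match starts_with` orders its entries.

```python
from urllib.parse import urlsplit

# Constructed sample data groups, mirroring the reply's layout (not the
# original post's data; values are allow/deny as in the reply).
SPECIFIC_URI = {
    "/uri1": "allow",
    "/uri2": "deny",
    "/uri3": "allow",
    "/uri5/login": "allow",  # constructed: a specific allow under a denied wildcard
}
WILDCARD_URI = {
    "/uri4/": "allow",
    "/uri5/": "deny",
    "/uri6/": "allow",
}
DEFAULT_ACTION = "allow"  # the question states the default action is allow


def path_only(uri: str) -> str:
    """Strip query string and fragment so '/uri2?x=1' still matches '/uri2'."""
    return urlsplit(uri).path or "/"


def lookup_policy(uri: str) -> str:
    """Resolve a request URI to 'allow' or 'deny'.

    Order mirrors the reply's iRule: an exact entry in SPECIFIC_URI wins;
    otherwise a matching prefix in WILDCARD_URI is used (assumption: the
    longest matching prefix, so a narrower wildcard overrides a broader one);
    otherwise DEFAULT_ACTION applies.
    """
    path = path_only(uri)
    action = SPECIFIC_URI.get(path, "")
    if action == "":
        prefixes = [p for p in WILDCARD_URI if path.startswith(p)]
        if prefixes:
            action = WILDCARD_URI[max(prefixes, key=len)]
    return action or DEFAULT_ACTION


def decide(uri: str) -> tuple:
    """Return (status, body) for a denied request, or (200, 'pass') to let it through."""
    if lookup_policy(uri) == "deny":
        return 403, "Request denied"  # 403 rather than the reply's 200, so clients can tell
    return 200, "pass"


if __name__ == "__main__":
    for u in ("/uri2?x=1", "/uri5/login", "/uri5/admin", "/other"):
        print(u, "->", lookup_policy(u))
```

Note that `HTTP::uri` includes the query string, so an `equals` lookup on it will not match `/uri2?x=1`; the model strips the query to mirror matching on `HTTP::path` instead.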