Forum Discussion

veredgf_96123
May 17, 2018

irule for whitelist under certain path

Hi,

 

I am looking for an iRule that will do the following - prevent access to all locations under a certain path - i.e., anything under should be blocked. And I want to have an exception group of URLs under that path to allow.

 

Thanks, Vered

 

  • Create a datagroup to store your exceptions and use an iRule like this

    when HTTP_REQUEST {
        if {[HTTP::uri] starts_with "/yyy"} {
            if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
                reject
            }
        }   
    }
    
  • I would recommend using string tolower in front of.

    when HTTP_REQUEST {
        if {[string tolower [HTTP::uri]] starts_with "/yyy"} {
         .......
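
The first two replies combined into one rule, as an added example that is not code from any poster in this thread: it lowercases the request path as suggested, matches on `HTTP::path` so the query string takes no part in the allow decision, and anchors each exception with `starts_with`. The sample data group entries named in the comment, the log format and the response body are assumptions.

```tcl
# Added example. Assumes a string data group named exceptions_datagroup whose
# entries are lowercase path prefixes (constructed samples: /yyy/public/, /yyy/health).
when HTTP_REQUEST {
    # Compare the path only, lowercased, so the query string is ignored
    # and /YYY is treated the same as /yyy.
    set path [string tolower [HTTP::path]]

    # Protect /yyy itself and everything below it, but not siblings such as /yyyzzz.
    if { ($path equals "/yyy") or ($path starts_with "/yyy/") } {
        # starts_with anchors each exception at the beginning of the path;
        # contains would accept the entry anywhere in the compared string.
        if { not [class match $path starts_with exceptions_datagroup] } {
            # Record the denial so blocked requests can be reviewed later.
            log local0.notice "blocked [IP::client_addr] [HTTP::method] [HTTP::path]"
            HTTP::respond 403 content "Forbidden" noserver Connection Close
            return
        }
    }
}
```

Because the path is lowercased before matching, the entries in the data group have to be stored in lowercase as well.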
    
  • Hi,

     

    You can use this code:

     

    when HTTP_REQUEST {
        set reqBlock 0
        if {[HTTP::uri] starts_with "/yyy"} {
            if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
                set reqBlock 1
            }
        }
    }
    
    when ASM_REQUEST_DONE {
        # Block not allowed request with ASM if enabled. Raise ASM user defined violation FILTER_IRULE_VIOLATION
        if {$reqBlock} {
            set violation_details [list [list Reason iRule_Event]]
            lappend violation_details [list Filter URI_Not_Allowed]
            ASM::raise FILTER_IRULE_VIOLATION $violation_details
        }
    }
    
    when HTTP_REQUEST_SEND {
        # Block not allowed request with HTTP 403 code if ASM did not.
        if {$reqBlock} {
            clientside {
                HTTP::respond 403 -version "1.1" content "Request RejectedYou are not authorized to access this page" noserver Connection Close
            }
        }
    }
    

    Before applying this code, do the following configuration:

     

    • create a new violation FILTER_IRULE_VIOLATION in Security ›› Options : Application Security : Advanced Configuration : Violations List
    • In the policy configuration Security ›› Application Security : Policy : Policy Properties, enable Trigger ASM iRule Events
    • In Policy blocking settings Security ›› Application Security : Policy Building : Learning and Blocking Settings, enable Block and Alarm for the violation FILTER_IRULE_VIOLATION
  • Thank you for all the responses -

     

    In the end I used the IRULE I wrote as mentioned above but what was missing was the V on "trigger ASM IRULE events" and that's why the rule didn't seem to work.

     

    Thanks,

     

    Vered

     

    • Stanislas_Piro2

      Glad this helped you.

       

      To make this easier to find for the next admins with the same need, you can mark the right answer as the question's solution. ;-)