alargent_168199
Feb 12, 2016 Nimbostratus
iRules not evaluating as expected?
I am hosting many URLs on a single IP address, directing them to the various pools based on URL. I want to block certain HTTP methods to all, but allow PUT to a URL that hosts an API app. So I have stacked the rules, and then I even set a priority, but it is still evaluating the rule that blocks PUT after I direct it to the API pool.
The rules are stacked in this order in the GUI:

when HTTP_REQUEST priority 400 {
    set methods [list "CONNECT" "DELETE" "OPTIONS" "TRACE" "PROPFIND" ]
    if { not ( [string tolower [HTTP::host]] ends_with "abc.com" ) } {
        reject
    }
    if { [lsearch $methods [HTTP::method]] ne -1 } {
        reject
    }
}

when HTTP_REQUEST priority 425 {
    if { ( [string tolower [HTTP::host]] equals "api.abc.com" ) } {
        log local0. "Request for [HTTP::host] - client is [IP::client_addr] port [TCP::client_port] method [HTTP::method]"
        pool API_pool
        return
    }
}

when HTTP_REQUEST priority 450 {
    set sec_put_methods [list "PUT" ]
    if { [lsearch $sec_put_methods [HTTP::method]] ne -1 } {
        log local0. "Client is [IP::client_addr] port [TCP::client_port] method [HTTP::method] - DENIED"
        reject
    }
}

PUT calls to API are still being blocked. Logs look like:
Feb 12 10:32:14 vlb info tmm3[12053]: Rule /Common/xxx : Request for api.abc.com - client is 1.2.3.4 port 60170 method PUT
Feb 12 10:32:14 vlb info tmm3[12053]: Rule /Common/xxxx : Client is 1.2.3.4 port 60170 method PUT - DENIED
What am I missing here?
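
An added example, not part of the original post: in an iRule, `return` only exits the handler it appears in, so the priority 450 handler still fires for the same request, which matches the two log lines above. One way to carry the routing decision forward is a connection-scoped flag; the variable name `is_api_request` is hypothetical, and the hosts, methods and pool name are taken from the post.

```tcl
when HTTP_REQUEST priority 400 {
    # Connection-scoped variables survive across keep-alive requests,
    # so reset the flag on every request before anything else runs.
    # (is_api_request is a hypothetical name, not from the original post.)
    set is_api_request 0

    set methods [list "CONNECT" "DELETE" "OPTIONS" "TRACE" "PROPFIND"]
    if { not ( [string tolower [HTTP::host]] ends_with "abc.com" ) } {
        reject
        return
    }
    if { [lsearch -exact $methods [HTTP::method]] != -1 } {
        reject
        return
    }
}

when HTTP_REQUEST priority 425 {
    if { [string tolower [HTTP::host]] equals "api.abc.com" } {
        log local0. "Request for [HTTP::host] - client is [IP::client_addr] port [TCP::client_port] method [HTTP::method]"
        pool API_pool
        # Record the decision for later handlers; "return" alone would
        # only leave this handler and not stop the priority 450 one.
        set is_api_request 1
    }
}

when HTTP_REQUEST priority 450 {
    # Skip the PUT block for requests already routed to the API pool.
    if { [info exists is_api_request] && $is_api_request } {
        return
    }
    if { [HTTP::method] equals "PUT" } {
        log local0. "Client is [IP::client_addr] port [TCP::client_port] method [HTTP::method] - DENIED"
        reject
    }
}
```

With the flag reset at the lowest priority number, a PUT to any other host on the same keep-alive connection is still denied.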