problems with data group and http:host
Hi, I have set up a forward HTTP proxy, using the iRule provided in DevCentral (current version 3.2), which works quite well. But due to security demands, I need to limit outgoing requests to only approved hosts, which has proved to be a bit more challenging than first anticipated.

What I have done is to create a data group containing the approved domains that can be reached, and added the following to the proxy iRule:

    if { not [matchclass [string tolower [HTTP::host]] ends_with data_group] } {
        reject
    }

So the thought is to only allow domains and subdomains that are in the data group, but we are not getting the results we want. If I change the operator from "ends_with" to "contains", it will work, but that will leave us more open to exploits, as we cannot be sure the request goes to a valid host.

Is there something I'm missing here, as I thought that HTTP::host would be http:// and not include anything from the URI? If there are any suggestions on how to get this to work as intended, it would be much appreciated!

BIG-IP : irule syntax to construct url
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

Can anyone see a problem with syntax with this iRule:

    when HTTP_REQUEST {
        set host [HTTP::host]
        if { not ([string tolower [HTTP::host]] starts_with "www.") } {
            set host "www.[HTTP::host]"
        }
        HTTP::redirect "https://$host[HTTP::uri]"
    }

This iRule lives on an HTTP VIP. The intention is to prepend "www." to the host (if not already present).
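
For the first question above (limiting a forward proxy to approved hosts), this added example is not part of either post and is not F5's code. It is plain Tcl, runnable in tclsh, showing a suffix check that tolerates a ":port" or trailing dot in the Host value and only matches on a label boundary. The `approved_domains` list stands in for the data group, and the proc names and all host values are constructed for illustration.

```tcl
# Added example. The list below stands in for the data group (assumption);
# its entries are constructed sample values.
set approved_domains {example.com partner.example.net}

# Reduce a Host header value to a bare lower-case hostname:
# drops an optional ":port" and a trailing dot.
proc normalize_host {raw} {
    set h [string tolower [string trim $raw]]
    if {[string index $h 0] eq "\["} {
        # IPv6 literal such as [2001:db8::1]:443 -> keep the bracketed part only
        set end [string first "\]" $h]
        if {$end < 0} { return "" }
        return [string range $h 0 $end]
    }
    set colon [string first ":" $h]
    if {$colon >= 0} { set h [string range $h 0 [expr {$colon - 1}]] }
    return [string trimright $h "."]
}

# True only for an exact match or a subdomain on a label boundary, so
# "evilexample.com" does not pass an entry of "example.com".
proc host_allowed {raw domains} {
    set h [normalize_host $raw]
    if {$h eq ""} { return 0 }
    foreach d $domains {
        set suffix ".$d"
        set n [string length $suffix]
        if {$h eq $d} { return 1 }
        if {[string length $h] > $n &&
            [string range $h end-[expr {$n - 1}] end] eq $suffix} { return 1 }
    }
    return 0
}

# Constructed Host values: plain, with port, with trailing dot, look-alike
# suffix, and an approved name embedded in a longer host (what "contains" lets in).
foreach host {example.com WWW.Example.com:443 api.partner.example.net.
              evilexample.com example.com.other.test} {
    set verdict [expr {[host_allowed $host $approved_domains] ? "allow" : "reject"}]
    puts [format "%-28s %s" $host $verdict]
}
```

With a data group, the same boundary can be kept by storing each entry with a leading dot for the subdomain match and checking the bare domain with an exact comparison.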