Question
Is it possible to control URL access with iRule?
Environment
- Silverline WAF
- Silverline DDoS
- iRule
Answer
Yes, this is possible with the following iRule:
when HTTP_REQUEST priority 300 {
    # Fire when the lowercased URI matches and the client IP is not in the IP datatable.
    if { ([class match -- [string tolower [HTTP::uri]] equals "/example/uri"]) && (![class match -- [IP::client_addr] equals [call ag_info0::datatable_name example_ip_datatable]]) } {
        # Log the block, then drop the connection.
        set agl [call ag_log0::open -rulename URI_whitelist_name -rulever 1]
        call ag_log0::http_kvp $agl INFO action "IP have been blocked."
        drop
    }
}
The URI match in this iRule can be deployed with one of the following operators:
- equals - The incoming HTTP request URI must exactly match the specified URI (/example/uri in the example) to trigger the rule.
- contains - The incoming HTTP request URL string is scanned for /example/uri, and the rule triggers if there is a match.
- starts_with - The rule triggers if the incoming HTTP request URL starts with /example/uri.
The above iRule controls access to the given URI resource and grants access only to IPs that are present in the created IP datatable (e.g. example_ip_datatable).
Note: It is possible to remove the "drop" command and replace it with, for example, "ASM::disable" to whitelist IPs only on the WAF. In the above example with "drop", incoming connecting clients are still scanned by the WAF.
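The following Python model is an added example, not part of the original article or Silverline code. It checks which request URIs each operator would cover before the values are handed to the SOC. It assumes the datatable holds single IPs or CIDR ranges and that the URI includes the query string, as HTTP::uri does. The sample URIs and addresses are constructed.

```python
import ipaddress

# Operators the article lists for the URI condition.
OPERATORS = {
    "equals": lambda uri, pattern: uri == pattern,
    "contains": lambda uri, pattern: pattern in uri,
    "starts_with": lambda uri, pattern: uri.startswith(pattern),
}

# Constructed sample data (documentation address ranges, hypothetical URIs).
DATATABLE = ["203.0.113.0/24", "198.51.100.7"]
SAMPLE_URIS = [
    "/example/uri",
    "/Example/URI",
    "/example/uri?id=1",
    "/example/uri/edit",
    "/app/example/uri",
    "/other",
]

def uri_matches(uri, pattern, operator):
    """Mirror the iRule condition: the URI is lowercased before comparison,
    so the pattern itself must be written in lowercase to ever match."""
    return OPERATORS[operator](uri.lower(), pattern)

def ip_allowed(client_ip, datatable):
    """True if client_ip falls inside any entry of the modelled IP datatable."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in datatable)

def decide(uri, client_ip, pattern, operator, datatable):
    """Return "drop" when the rule would fire, otherwise "pass"."""
    if uri_matches(uri, pattern, operator) and not ip_allowed(client_ip, datatable):
        return "drop"
    return "pass"

def coverage(uris, pattern, client_ip, datatable):
    """For each operator, list the sample URIs the rule would protect
    against a client that is not in the datatable."""
    return {
        op: [u for u in uris if decide(u, client_ip, pattern, op, datatable) == "drop"]
        for op in OPERATORS
    }

if __name__ == "__main__":
    for op, covered in coverage(SAMPLE_URIS, "/example/uri", "192.0.2.10", DATATABLE).items():
        print(f"{op:12} {covered}")
```

Running it against the list of URIs that must be restricted shows whether "equals" is sufficient or whether "starts_with" or "contains" should be requested instead.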
How to deploy iRule
In order to deploy the iRule, provide the SOC with the following:
1. Name for the iRule.
2. Name for the IP datatable for IP whitelist.
3. URI that needs to be access controlled.