Forum Discussion
hooleylist
Jun 21, 2011
So you're testing by sending a 403 for blocked responses, you clear your cache, make a request to the / URI, see the logging for a blocked message but see the content for the root document displayed in the browser? That's really odd. I don't see how a request could be made to / and log the 403 response but still allow the request through to the pool.
Can you try adding logging of the SERVER_CONNECTED and HTTP_RESPONSE events:
```tcl
when CLIENT_ACCEPTED {
   if { [matchclass [IP::client_addr] equals $::myallowedclients] }{
      # Client is in the allowed class
      set allowed 1
      log local0. "[IP::client_addr]:[TCP::client_port]: Client is in allowed class"
   } else {
      # Client is not in the allowed class
      set allowed 0
      log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in allowed class"
   }
}
when HTTP_REQUEST {
   # Save the URI for logging in HTTP_RESPONSE
   set uri [HTTP::uri]
   # Start from the client-class decision for each request; a whitelist hit
   # must only permit this request, not every later request on a kept-alive
   # connection, so do not overwrite $allowed here
   set permit $allowed
   # Check if requested URI is whitelisted
   switch -glob [HTTP::uri] {
      "/allowed_starts_with/*" -
      "*/allowed_contains/*" -
      "/allowed_exact" {
         set permit 1
         log local0. "[IP::client_addr]:[TCP::client_port]: URI is allowed per whitelist [HTTP::uri]"
      }
   }
   if { $permit == 0 }{
      # Disallowed request
      # Reset connection (alternative to the 403 below; left commented out while testing with HTTP::respond)
      #reject
      # Send HTTP reject message
      HTTP::respond 403 content {blocked!}
      log local0. "[IP::client_addr]:[TCP::client_port]: Blocking request to [HTTP::uri]"
   }
}
when SERVER_CONNECTED {
   log local0. "[IP::client_addr]:[TCP::client_port]: connected: [IP::server_addr]:[TCP::server_port]"
}
when HTTP_RESPONSE {
   log local0. "[IP::client_addr]:[TCP::client_port]: \$uri=$uri, status=[HTTP::status]"
}
```
Aaron
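The logging Aaron asks for is only useful if someone correlates it. The script below is an added example, not part of Aaron's post or of F5's own tooling: it mirrors the iRule's `switch -glob` whitelist in Python and then walks a constructed excerpt of `/var/log/ltm` (the syslog prefix and the addresses are made up) to flag exactly the symptom in the question, a request logged as blocked on a client connection that nonetheless produced a server-side `HTTP_RESPONSE` for the same URI. `HTTP::respond` answers the client from the BIG-IP, so a server response for a blocked URI means the request reached the pool.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Whitelist patterns copied from the iRule's switch -glob block. Tcl glob and
# fnmatchcase agree for these: '*' matches any run of characters, '/' included.
WHITELIST = ("/allowed_starts_with/*", "*/allowed_contains/*", "/allowed_exact")


def uri_allowed(uri):
    """Mirror the iRule's whitelist check: allowed if any glob pattern matches."""
    return any(fnmatchcase(uri, pattern) for pattern in WHITELIST)


# Every message the iRule logs starts with "<client_ip>:<client_port>: ", so the
# first ip:port in a line identifies the client-side connection.
_LINE = re.compile(r"(?P<conn>\d{1,3}(?:\.\d{1,3}){3}:\d+): (?P<msg>.*)$")
_BLOCKED = re.compile(r"^Blocking request to (?P<uri>\S+)")
_RESPONSE = re.compile(r"^\$uri=(?P<uri>[^,\s]+), status=(?P<status>\d+)")


def find_leaked_requests(log_lines):
    """Correlate the iRule's messages per client connection.

    Returns (connection, uri, status) for every server response whose URI
    was previously logged as blocked on that same connection.
    """
    blocked = defaultdict(set)  # conn -> URIs this connection was refused
    leaks = []
    for line in log_lines:
        m = _LINE.search(line)
        if not m:
            continue  # syslog noise that did not come from this iRule
        conn, msg = m.group("conn"), m.group("msg")
        b = _BLOCKED.match(msg)
        if b:
            blocked[conn].add(b.group("uri"))
            continue
        r = _RESPONSE.match(msg)
        if r and r.group("uri") in blocked[conn]:
            leaks.append((conn, r.group("uri"), int(r.group("status"))))
    return leaks


# Constructed sample log: the first connection shows the anomaly from the
# question (403 logged for "/", then a 200 from the pool for the same URI),
# the second is a normal whitelisted request.
SAMPLE_LOG = """\
Jun 21 09:12:01 tmm info tmm[1862]: Rule whitelist <CLIENT_ACCEPTED>: 10.1.1.20:51234: Client is not in allowed class
Jun 21 09:12:01 tmm info tmm[1862]: Rule whitelist <HTTP_REQUEST>: 10.1.1.20:51234: Blocking request to /
Jun 21 09:12:01 tmm info tmm[1862]: Rule whitelist <SERVER_CONNECTED>: 10.1.1.20:51234: connected: 10.2.2.5:80
Jun 21 09:12:01 tmm info tmm[1862]: Rule whitelist <HTTP_RESPONSE>: 10.1.1.20:51234: $uri=/, status=200
Jun 21 09:12:05 tmm info tmm[1862]: Rule whitelist <CLIENT_ACCEPTED>: 10.1.1.21:40022: Client is not in allowed class
Jun 21 09:12:05 tmm info tmm[1862]: Rule whitelist <HTTP_REQUEST>: 10.1.1.21:40022: URI is allowed per whitelist /allowed_exact
Jun 21 09:12:05 tmm info tmm[1862]: Rule whitelist <SERVER_CONNECTED>: 10.1.1.21:40022: connected: 10.2.2.5:80
Jun 21 09:12:05 tmm info tmm[1862]: Rule whitelist <HTTP_RESPONSE>: 10.1.1.21:40022: $uri=/allowed_exact, status=200
""".splitlines()


if __name__ == "__main__":
    for uri in ("/", "/allowed_exact", "/allowed_exact/x", "/a/allowed_contains/b"):
        print(f"{uri!r:28} allowed={uri_allowed(uri)}")
    for conn, uri, status in find_leaked_requests(SAMPLE_LOG):
        print(f"LEAK {conn}: {uri} was blocked but the pool answered {status}")
```

Run it against a real `ltm` excerpt by replacing `SAMPLE_LOG` with `open("/var/log/ltm").read().splitlines()`; the `uri_allowed` helper is handy for checking, before the rule goes live, which URIs the three glob patterns actually cover (note that `/allowed_exact/x` is not matched).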