We want to use the ServerIron/ADX to block the access to a given set of URLs. Client requesting these URLs should get a RESET back. Other traffic should get load balanced normally.
We will use Layer-7 switching using csw to achieve this. Please remember the following things:
The virtual server receiving the request is the one with IP address 192.168.9.100. Requests with the prefixes /secret, /private and /secure needs to get blocked. All the rest of the requests will go to real server rs201 (192.168.8.201).
csw-rule "secret" url prefix "/secret" case-insensitive
csw-rule "private" url prefix "/private" case-insensitive
csw-rule "secure" url prefix "/secure" case-insensitive
csw-policy "BlockIt" case-insensitive
match "secret" reset-client
match "private" reset-client
match "secure" reset-client
default forward 201
server real rs201 192.168.8.201
port http url "HEAD /"
port http group-id 201 201
server virtual vs100 192.168.9.100
port http csw-policy "BlockIt"
port http csw
bind http rs201 http
1. Use some clients to send requests with known URLs and check the statistics related to the defined csw rule. Each rule does have a counter to show the amount of hits related to this rule.
Command: show csw-policy BlockIt
Verify that correctness of the stats based on your requests.
2. Ensure clients requesting URLs starting with /secret, /secure and /private do get a RESET back instead of the content.