Application Delivery (ADX)

How to block some URLs with the ServerIron/ADX using CSW

by on ‎05-11-2009 08:45 AM (130 Views)


We want to use the ServerIron/ADX to block the access to a given set of URLs. Client requesting these URLs should get a RESET back. Other traffic should get load balanced normally.


We will use Layer-7 switching using csw to achieve this. Please remember the  following things:

  • Each request which does not match any of the configured prefixes is going to  a default group/pool of real servers (the example is using the group with group-id  100).
  • The example is based on a group/pool with a single server in only – it is  possible to have multiple servers in the group. The ServerIron is going to load  balance in between the real servers in the selected group/pool in case there are  multiple servers in the group.

The virtual server receiving the request is the one with IP address Requests with the prefixes /secret, /private and /secure needs to get blocked. All the rest of the requests will go to real server rs201 (

Sample Code/Configuration

csw-rule "secret" url prefix "/secret" case-insensitive
csw-rule "private" url prefix "/private" case-insensitive
csw-rule "secure" url prefix "/secure" case-insensitive
csw-policy "BlockIt" case-insensitive
match "secret" reset-client
match "private" reset-client
match "secure" reset-client
default forward 201
server real rs201
port http
port http url "HEAD /"
port http group-id  201 201
server virtual vs100
port http
port http csw-policy "BlockIt"
port http csw
bind http rs201 http


1. Use some clients to send requests with known URLs and check the statistics related to the defined csw rule. Each rule does have a counter to show the amount of hits related to this rule.

Command: show csw-policy BlockIt

Verify that correctness of the stats based on your requests.

2. Ensure clients requesting URLs starting with /secret, /secure and /private do get a RESET back instead of the content.