We want to use the ServerIron/ADX to block access to a given set of URLs. Clients requesting these URLs should get a RESET back. All other traffic should be load balanced normally.
We will use Layer 7 content switching (csw) to achieve this. Keep the following in mind:
Each request that does not match any of the configured prefixes goes to a default group/pool of real servers (the example uses the group with group-id 100).
The example is based on a group/pool containing only a single server, but a group can contain multiple servers. In that case the ServerIron load balances between the real servers in the selected group/pool.
The virtual server receiving the requests is the one with IP address 192.168.9.100. Requests with the prefixes /secret, /private and /secure need to be blocked. All other requests go to real server rs201 (192.168.8.201).
csw-rule "secret" url prefix "/secret" case-insensitive
csw-rule "private" url prefix "/private" case-insensitive
csw-rule "secure" url prefix "/secure" case-insensitive
!
csw-policy "BlockIt" case-insensitive
 match "secret" reset-client
 match "private" reset-client
 match "secure" reset-client
 default forward 201
!
server real rs201 192.168.8.201
 port http
 port http url "HEAD /"
 port http group-id 201 201
!
server virtual vs100 192.168.9.100
 port http
 port http csw-policy "BlockIt"
 port http csw
 bind http rs201 http
!
1. Use some clients to send requests with known URLs and check the statistics for the defined csw rules. Each rule has a counter showing the number of hits for that rule.
Command: show csw-policy BlockIt
Verify the correctness of the stats based on your requests.
2. Ensure clients requesting URLs starting with /secret, /secure and /private get a RESET back instead of the content.
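A client-side check for step 2, as an added example that is not part of the original write-up: it sends one GET per path and reports whether the connection was reset or served. The function names, the sample paths and the local stand-in server are assumptions made for illustration; in the lab, point probe() at the virtual server 192.168.9.100 instead of the stand-in.

```python
import socket, struct, threading

BLOCKED = ("/secret", "/private", "/secure")  # prefixes from the csw rules above

def expected(path):
    """Model of the policy: case-insensitive prefix match means reset."""
    return "reset" if path.lower().startswith(BLOCKED) else "served"

def probe(host, port, path, timeout=3.0):
    """Send one GET and classify the outcome: reset, served, closed or timeout."""
    req = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            data = s.recv(1024)
    except (ConnectionResetError, BrokenPipeError):
        return "reset"
    except socket.timeout:
        return "timeout"
    return "served" if data.startswith(b"HTTP/") else "closed"

def verify(host, port, paths):
    """Return {path: (expected, observed)} for each path where the two differ."""
    seen = {p: (expected(p), probe(host, port, p)) for p in paths}
    return {p: r for p, r in seen.items() if r[0] != r[1]}

def start_stand_in():
    """Constructed local stand-in for the virtual server, so this runs offline."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            parts = conn.recv(4096).split(b" ")
            if len(parts) > 1 and expected(parts[1].decode("latin-1")) == "served":
                conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nok")
            else:
                # SO_LINGER on with a zero timeout makes close() send a TCP RST
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

SAMPLE_PATHS = ["/", "/index.html", "/secret", "/SECRET/a.txt", "/private/x",
                "/Secure", "/secrets.html", "/public/secret"]  # constructed

if __name__ == "__main__":
    port = start_stand_in()  # in the lab, probe 192.168.9.100 port 80 instead
    print(verify("127.0.0.1", port, SAMPLE_PATHS) or "all paths behaved as expected")
```

Because the rules are prefix matches, /secrets.html is expected to be reset as well, while /public/secret is not.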