How to configure ACE to send the response as a Forbidden code or Bad Request based on the URL string
I have a requirement where ACE has to forbid HTTP access to the URL based on the strings /admin/ or /console/ in the URL. I believe I can match the traffic with the following class-map, but how do I act on it to forbid the access? Are there any example configurations?
class-map type http loadbalance match-any Forbidden-admin-access
  2 match http url /admin/.*
  3 match http url /console/.*
ACE cannot give a response, but it can allow, drop or reset the connection based on L7 information, or you can make ACE forward the traffic to servers which can send those responses after the above condition is matched. But it surely can "silently" drop or reset the connection as well. Pasting configuration below for your reference.
If you want to send a reset, then you would need to use 'inspect' as such:
class-map type http inspect match-all CM-INSPECT
  2 match header Host header-value "private.example.com"
class-map match-all VIP_WWW
  2 match virtual-address 10.86.178.167 tcp eq www
policy-map type inspect http all-match PM-INSPECT
  class CM-INSPECT
    reset
policy-map type loadbalance first-match WWW_SERVERS
  class class-default
    serverfarm SERVER_FARM
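The following is an added example, not part of the original posts: it applies the 'inspect' approach from the reply above to the /admin/ and /console/ strings from the question, so matching requests are reset rather than answered with a 403. The names CM-FORBIDDEN-URL and CLIENT_VIPS and the interface vlan 100 are assumed placeholders, VIP_WWW and WWW_SERVERS are the objects defined in the reply, and lines starting with ! are annotations for the reader, not configuration.

```text
! Assumed name: L7 inspect class matching either restricted path
class-map type http inspect match-any CM-FORBIDDEN-URL
  2 match url /admin/.*
  3 match url /console/.*

! Reset any HTTP request whose URL matches the class above
policy-map type inspect http all-match PM-INSPECT
  class CM-FORBIDDEN-URL
    reset

! Assumed name: attach both the load-balancing and the inspect policy to the VIP
policy-map multi-match CLIENT_VIPS
  class VIP_WWW
    loadbalance vip inservice
    loadbalance policy WWW_SERVERS
    inspect http policy PM-INSPECT

! Assumed client-side VLAN; use the interface where client traffic arrives
interface vlan 100
  service-policy input CLIENT_VIPS
```

Requests to any other URL on the VIP fall through to the WWW_SERVERS load-balancing policy; after applying, confirm from a client that a request to /admin/ is reset while other paths still reach the server farm.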
I am sorry, but I didn't get your question here. Are you saying that everyone who comes to www.example.com is getting access but only two users are being dropped when they go to www.example.com/admin? Are all other users getting access to /admin too? Can you share the configuration in place?