For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Jun 26, 2008

Access Control Based On IP for specific URL

I am pretty new to irules so any help here would be appeciated. The irule below is the deafult irule for Access control based on IP from the codeshare area. Is it possible to alter this so that it c...
application delivery
dev
devops
iRules
Andy_Herrman_22's avatar
Andy_Herrman_22
Icon for Nimbostratus rankNimbostratus
Jun 30, 2008
Small tweak to the iRule to handle case properly: 

   
   when HTTP_REQUEST {     
     if { ( [matchclass [string tolower [HTTP::uri]] starts_with $::securePaths] ) and   
          ! ( [matchclass [IP::client_addr] equals $::trustedAddresses] ) }   
     {   
       log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"   
       discard   
     } else {   
       log local0. "Allowing connection from [IP::client_addr] to [HTTP::uri]"   
       forward   
     }   
   }

I have it converting the path to lowercase. This handles people trying to go to:

http://yourdomain.com/TeStInG

or other variants to try and get around your filtering. As long as you always use lowercase when defining entries in the datagroup you'll be good.