Forum Discussion
jondyke_46152
Nimbostratus
Jun 26, 2008
Access Control Based On IP for specific URL
I am pretty new to iRules so any help here would be appreciated. The iRule below is the default iRule for Access control based on IP from the codeshare area. Is it possible to alter this so that it c...
Andy_Herrman_22
Nimbostratus
Jul 01, 2008
Here's pseudocode for the iRule:
    if ( (path is a secure path) AND (ip address is not trusted) ) {
        discard
    } else {
        forward
    }
If the path is not one of the secure paths then the first check will be false, causing the else clause to be executed.
If the IP address is a trusted address then the second part of the IF check will be false, causing the else clause to be executed.
So, anyone who is trusted should always be allowed in. If they aren't trusted but don't try to go to a secure path they should be allowed in.
Here's another way to write the rule that might be a little clearer, though the logic is exactly the same as the previous one.
    when HTTP_REQUEST {
        if { [matchclass [string tolower [HTTP::uri]] starts_with $::securePaths] } {
            if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
                # Secure path and trusted IP
                log local0. "Allowing connection from [IP::client_addr] to secure path [HTTP::uri]"
                forward
            } else {
                # Secure path but not a trusted IP
                log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"
                discard
            }
        } else {
            # Not a secure path
            log local0. "Allowing connection from [IP::client_addr] to [HTTP::uri]"
            forward
        }
    }
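An offline model of the rule above, added here as an example and not part of the original post, for checking data group contents against sample requests before deploying. The path prefixes, addresses and function names are constructed for illustration, and trusted entries are assumed to be CIDR networks.

```python
import ipaddress

# Constructed stand-ins for the securePaths and trustedAddresses data groups.
SECURE_PATHS = ["/admin", "/private/reports"]
TRUSTED_ADDRESSES = ["10.1.0.0/16", "192.0.2.25/32"]


def is_secure_path(uri, secure_paths=SECURE_PATHS):
    # Mirrors the rule: only the URI is lowercased, so an entry stored with
    # capitals (e.g. "/Admin") never matches and the path goes unprotected.
    lowered = uri.lower()
    return any(lowered.startswith(prefix) for prefix in secure_paths)


def is_trusted(client_ip, trusted=TRUSTED_ADDRESSES):
    # Assumption: each trusted entry is a host or network in CIDR notation.
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in trusted)


def decide(client_ip, uri):
    """Nested form of the rule; returns (action, reason)."""
    if is_secure_path(uri):
        if is_trusted(client_ip):
            return ("forward", "secure path, trusted IP")
        return ("discard", "secure path, untrusted IP")
    return ("forward", "not a secure path")


def flat_decide(client_ip, uri):
    """Single-condition form from the pseudocode."""
    if is_secure_path(uri) and not is_trusted(client_ip):
        return "discard"
    return "forward"


# Constructed sample requests: (client address, requested URI).
REQUESTS = [
    ("10.1.2.3", "/admin/users"),
    ("203.0.113.7", "/Admin/users"),
    ("203.0.113.7", "/index.html"),
    ("192.0.2.25", "/private/reports?id=4"),
]

if __name__ == "__main__":
    for ip, uri in REQUESTS:
        action, reason = decide(ip, uri)
        assert action == flat_decide(ip, uri)  # both forms must agree
        print(f"{ip:15} {uri:25} {action:8} {reason}")
```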
