Forum Discussion
jondyke_46152
Nimbostratus
NimbostratusAccess Control Based On IP for specific URL
I am pretty new to irules so any help here would be appeciated. The irule below is the deafult irule for Access control based on IP from the codeshare area. Is it possible to alter this so that it c...
jondyke_46152Nimbostratus
NimbostratusOk - I have now setup a new webiste for testing puposes. It is a simple site with one pool and pool member and a vs (on port 80)
I have a default.htm in the root folder and a restricted.htm in the restricted folder. Its all on the same subnet so Automap is set for SNAT on the VS. Everything else is default...
Without the irule I can get to the root site and the restricted url path in IE no problem. With the irule applied I can no longer get to the root site, let alone the restricted url. My settings are as follows:-
Irule:-
[ code ]
when HTTP_REQUEST {
if { ( [matchclass [HTTP::uri] starts_with $::securePaths] ) and
! ( [matchclass [IP::client_addr] equals $::trustedAddresses] ) }
{
log local0. "Untrusted IP ([IP::client_addr]) attempting to access secure path ([HTTP::uri])"
discard
} else {
log local0. "Allowing connection from [IP::client_addr] to [HTTP::uri]"
forward
}
}
[ /code ]
Data Groups:-
General Properties
Name trustedAddresses
Partition Common
Type Address
Address Records 192.168.3.14 (my workstation IP address)
General Properties
Name securePaths
Partition Common
Type String
String Records /restricted/
Local Traffic Log:-
Rule irule_restrictedbyIP HTTP_REQUEST: Allowing connection from 192.168.3.14 to /
Any other suggestions? Any other logging I can switch on or look at? As soon as I remove the irule it is all fine again......
Thanks,
Jon
