For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

anujl_5566's avatar
anujl_5566
Icon for Nimbostratus rankNimbostratus
Nov 07, 2011

access rule for specific urls using Data group list

I wanted to give access to certain url's IF clients come from specific pool of IP's. I looked at devcentral and using the tips I found I wrote this url and it is working. Thought of sharing,

 

 

if { [matchclass [string tolower [HTTP::path]] equals $::send_verify_pin_urls] } {

 

if { not [matchclass [IP::client_addr] equals $::SEND_VERIFY_ALLOWED_IPs] } {

 

HTTP::respond 200 content "Not AllowedYou are not allowed to access this site!"

 

}

 

else {

 

log local0. "Life is good"

 

}

 

}

 

if { [matchclass [string tolower [HTTP::path]] equals $::IVR_urls] } {

 

if { not [matchclass [IP::client_addr] equals $::IVR_API_IPs ] } {

 

HTTP::respond 200 content "Not AllowedYou are not allowed to access this site!"

 

}

 

else {

 

log local0. "Life is good"

 

}

 

}

 

application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 08, 2011
    Nice work. A few notes:

     

     

    If you're on 9.4.4+ you should remove the $:: prefix from the datagroup name in the iRule.

     

     

    If you're on 10+ you could replace matchclass with the class match command.

     

     

    You could also consider performing the client IP lookup in the CLIENT_ACCEPTED event so you only do the lookup once per client connection instead of every HTTP request.

     

     

    Aaron