Forum Discussion

Nimbostratus

Dec 07, 2018

Allow a specific resource's access based on source IP addresse's

Hello, I have a need to create an iRule for a url with 2 endpoints. endpoint1 = myCertCN/path1 endpoint2 = myCertCN/path2 I need to : expose endpoint1 to all IP's, expose endpo...

application delivery

iRules

Andy_McGrath

Cumulonimbus

Dec 07, 2018

Setup a data group with type IP Addresses and add the allowed IP address subnets to it, name it ‘allowed_ip_addresses’ and the following iRule should do the job.

when HTTP_REQUEST {
  set httpUri [string tolower [HTTP::uri]]
  set clientIp [getfield [IP::client_addr] “%” 1]  
  
   check uri path and cline tip is not in the allowed list
  if {($httpUri starts_with "/path2") && !([class match $clientIp allowed_ip_addresses])} {

     drop or reject to end the connection    
    drop

  }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Allow a specific resource's access based on source IP addresse's

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

DevCentral Resources

Reliable resources for identifying IP addresses

F5 Resources for COVID-19

BIG-IP Terraform Resources

Allow only specific IP Address to only specific URL/route in ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS