Forum Discussion

SXG12_131783's avatar
SXG12_131783
Icon for Nimbostratus rankNimbostratus
Dec 07, 2018

Allow a specific resource's access based on source IP addresse's

Hello, I have a need to create an iRule for a url with 2 endpoints.   endpoint1 = myCertCN/path1   endpoint2 = myCertCN/path2   I need to :   expose endpoint1 to all IP's, expose endpo...
application delivery
iRules
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Dec 07, 2018

Setup a data group with type IP Addresses and add the allowed IP address subnets to it, name it ‘allowed_ip_addresses’ and the following iRule should do the job.

when HTTP_REQUEST {
  set httpUri [string tolower [HTTP::uri]]
  set clientIp [getfield [IP::client_addr] “%” 1]  
  
   check uri path and cline tip is not in the allowed list
  if {($httpUri starts_with "/path2") && !([class match $clientIp allowed_ip_addresses])} {

     drop or reject to end the connection    
    drop

  }
}