Forum Discussion

Apr 10, 2023

Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

Dear Community,

I received a requirement from the application gateway team that they need to expose only two URIs to internet consumers, and all URIs should be accessible to internal organization users.

Wildcard URIs Allowed from Internet**

All URIs allowed from internal organization private IPs*

Please inform how I can accomplish this from ASM policy

1 Reply

  • Hi,

    It's easier to do with iRule or LTM policy.

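    when HTTP_REQUEST {
    	# Clients outside the private_net data group may reach only the two URI patterns
    	if { not ([class match [IP::client_addr] equals /Common/private_net]) } {
    		switch -glob [HTTP::uri] {
    			"/abc/asdf/morning/*" -
    			"/abc/asdf/evening/*" { }
    			default { reject }   ;# assumed action: the body was cut off in the post
    		}
    	}
    }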

    If you want to do it with WAF, you need two WAF policies. One for the internal network, the other for the external network. And you need to set these policies with LTM policy or iRule.

    In the external WAF policy, you should add the allowed URLs and remove the wildcard URL in the Allowed URLs list.

    Illegal URL violation values must be enabled in Learning and Blocking Settings.
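
The two-policy selection described in the reply, written as an iRule. This is an added example, not code from the thread: the policy names `/Common/waf_external` and `/Common/waf_internal` are hypothetical, and it assumes the virtual server already has application security enabled and that `/Common/private_net` is an address data group holding the internal ranges.

```tcl
when HTTP_REQUEST {
    # Decide on the connection's source address. If clients arrive through a
    # proxy or NAT device, this is that device's address, so the data group
    # must reflect what the BIG-IP actually sees.
    if { [class match [IP::client_addr] equals /Common/private_net] } {
        # Internal source: policy that keeps the wildcard URL, so every URI
        # is still inspected but none is blocked as an illegal URL.
        # (hypothetical policy name)
        ASM::enable /Common/waf_internal
    } else {
        # Any other source: policy whose Allowed URLs list contains only the
        # two wildcard entries, with the Illegal URL violation set to block.
        # (hypothetical policy name)
        ASM::enable /Common/waf_external
    }
}
```

Sending every source that is not in the data group to the external policy keeps the restrictive policy as the default if the data group is incomplete.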