F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

iRule's avatar
iRule
Icon for Cirrus rankCirrus
Apr 10, 2023

Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

Dear Community, I received a requirement from application gateway team that they need to expose only two URIs to internet consumers and all URIs should be accessable to internal organnization users....
application delivery
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Apr 10, 2023

Hi,

It's easier to do with iRule or LTM policy.

when HTTP_REQUEST {
	if { not ([class match [IP::client_addr] equals /Common/private_net]) } {
		switch -glob [HTTP::uri] {
			"/abc/asdf/morning/*" -
			"/abc/asdf/evening/*" {
				return
			}
			default {
				drop
				return
			}
		}
	}
}

If you want to do it with WAF, you need two WAF policy. One for the internal network, the other for the external network. And you need to set these policies with LTM policy or iRule.

In the external waf policy, you should to add the allowed URLs and remove the wildcard URL in the Allowed URLs list.

Illegal URL violation values must be enable in Learning and Blocking Settings.