For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

iRule's avatar
iRule
Icon for Cirrus rankCirrus
Apr 10, 2023

Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

Dear Community, I received a requirement from application gateway team that they need to expose only two URIs to internet consumers and all URIs should be accessable to internal organnization users....
application delivery
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Apr 11, 2023

Hi,

It's easier to do with iRule or LTM policy.

when HTTP_REQUEST {
	if { not ([class match [IP::client_addr] equals /Common/private_net]) } {
		switch -glob [HTTP::uri] {
			"/abc/asdf/morning/*" -
			"/abc/asdf/evening/*" {
				return
			}
			default {
				drop
				return
			}
		}
	}
}

If you want to do it with WAF, you need two WAF policy. One for the internal network, the other for the external network. And you need to set these policies with LTM policy or iRule.

In the external waf policy, you should to add the allowed URLs and remove the wildcard URL in the Allowed URLs list.

Illegal URL violation values must be enable in Learning and Blocking Settings.