Allow access to a specific internet URL

Question

I need help creating a policy or Irule:&nbsp;How to allow access to a specific URL from internet&nbsp;https://abc.domain.com/marketplace-app/#/&nbsp;And allow all other URLs for internal network only.&nbsp;for example:https://abc.domain.com/lookfeelhttps://abc.domain.com/marketing&nbsp;Regards,Cleiton

youssef1 · Answer

Hi,try this irule.You can also use DG for Internal source IP and URL...when CLIENT_ACCEPTED {
set internal 0
&nbsp;
# check if user come from internal network
if {not [IP::addr [IP::client_addr] equals 10.0.0.0/8]} {
	set internal 1
}
}
 
when HTTP_REQUEST {
&nbsp;
if {$internal} {
&nbsp;
# allow all. access from internela network
&nbsp;
} else {
	if { !([string tolower [HTTP::uri]] starts_with "/marketplace-app/#/") }{
		# allow only access to marketplace url from internal
		drop
	}
 
}
}regards

cleiton_lobo_de · Answer

Sorry I did not explain correctly ...&nbsp;The URL https://abc.domain.com/marketplace-app/#/ Must be accessed from both the external and internal networks.&nbsp;Other URLs can be accessed only from internal network (10.0.0.0/8)&nbsp;examples:https://abc.domain.com/lookfeelhttps://abc.domain.com/Marketing&nbsp;&nbsp;help me please!&nbsp;&nbsp;&nbsp;&nbsp;

dans92 · Answer

You can create a VIP that is only used for traffic coming from 10.0.0.0/8 that looks like this:

This VIP will get all traffic from 10.0.0.0/8. Then you'll create another VIP that doesn't specify Source Address, that will handle all other traffic to that IP.

On the VIP that handles all non 10.0.0.0/8 traffic, use this:

when HTTP_REQUEST {

switch -glob [string tolower [HTTP::uri]] {

"lookfeel*" -

"Marketing**" {

drop }

}

youssef1 · Answer

Irule Update:when CLIENT_ACCEPTED {
set internal 0
 # check if user come from internal network
if {not [IP::addr [IP::client_addr] equals 10.0.0.0/8]} {
	set internal 1
}
}
 
when HTTP_REQUEST {
&nbsp;
if {$internal} {
	# allow acess to all directory from internela network only including /marketplace-app/
 } elseif { [string tolower [HTTP::uri]] starts_with "/marketplace-app/#/" }{
	# allow access to /marketplace-app/ from external
} else {
	drop
}
}keep me in touchregards

Forum Discussion

Allow access to a specific internet URL

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Deny access to F5 management from specific addresses

The sooner the better: Web App Scanning Without Internet Exposure

Protect an application exposed on Internet with F5 XC WAAP

Deploy BIG-IP on GCP with GDM without Internet access

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS