For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

winifred_corbet's avatar
winifred_corbet
Icon for Nimbostratus rankNimbostratus
May 20, 2010

allow access to URL by specific IP range - all others rejected

For a specific URL I need to allow access to URL only to our internal IP range, all other IP addresses need to be rejected.     Something along these lines, but clearly this is not correct. Can...
application delivery
dev
devops
iRules
Michael_Yates's avatar
Michael_Yates
Icon for Nimbostratus rankNimbostratus
May 20, 2010
If you need to be extremely specific you can have it check the URI as well. 


when HTTP_REQUEST {
    if { [HTTP::host] equals "www.website.com" and [HTTP::uri] equals "/somethingspecific/index.html" and [matchclass [IP::remote_addr] equals $::PoolOfAllowedAddresses ]) } {
        pool poolofallowedservers
    }
    else {
        reject
    }
}

If you want exclusive over inclusive you can make a few modifications: 


when HTTP_REQUEST {
    if { [HTTP::host] equals "www.website.com" and [HTTP::uri] equals "/somethingspecific/index.html" and !([matchclass [IP::remote_addr] equals $::PoolOfAllowedAddresses ]) } {
        reject
    }
    else {
        pool poolofallowedservers
    }
}
  • Ahmad_Ghazal_17's avatar
    Ahmad_Ghazal_17
    Icon for Nimbostratus rankNimbostratus
    Dec 01, 2014
    Hi, what the following line means, and what it's used for? pool poolofallowedservers
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 01, 2014
    poolofallowedservers is pool name. the command does send traffic to that pool.