Forum Discussion
Allow Access to URL from Inside but Not From Internet
Hi All,
What is the best way to allow access to a URL from the inside network, but not from the public Internet? I have this iRule, but when I apply it to the virtual server, all traffic is impacted. I'd like to be able to allow 10.16.0.0/16 to be able to access the URL, but everything from the Internet to be blocked.
    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::path]] {
            "/proxyservice*" {
                log local0. "[IP::client_addr]:[TCP::client_port]: Dropping request to [HTTP::uri]"
                HTTP::respond 200 content "Forbidden
Website Error: Forbidden Your information has been logged.
"
            }
            default {
                pool
            }
        }
    }
Thanks in advance for your help!
Brian
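One way to express the restriction asked about above, as an added example that is not part of the original thread: the rule answers with a 403 only when the path matches and the client is outside 10.16.0.0/16, and selects no pool itself, so every other request goes to the virtual server's default pool. It assumes the BIG-IP sees the real client source address (no NAT or proxy in front of it) and that a default pool is configured on the virtual server.

```tcl
# Added example, not code from the original post.
when HTTP_REQUEST {
    # Lower-case the path so /ProxyService and /proxyservice match alike.
    switch -glob [string tolower [HTTP::path]] {
        "/proxyservice*" {
            # IP::client_addr is the source address of the client-side
            # connection. Assumption: internal clients arrive with their
            # 10.16.x.x address intact (not translated upstream).
            if { !([IP::addr [IP::client_addr] equals 10.16.0.0/16]) } {
                log local0. "[IP::client_addr]:[TCP::client_port]: Rejecting request to [HTTP::uri]"
                # Send a real 403 so clients and monitoring see a denial
                # rather than a successful response.
                HTTP::respond 403 content "<html><body><h1>Forbidden</h1></body></html>" "Content-Type" "text/html"
            }
            # Internal clients fall through: no pool command is issued, so
            # the virtual server's default pool handles the request.
        }
    }
}
```

The match is made on the path as the BIG-IP receives it, so confirm the backend does not serve the same resource under a differently encoded or normalised path.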
4 Replies
- Maudigan
Altocumulus
Lucas, thanks for the detailed response. Your assumptions are correct. I had seen that post you linked when I was searching and had dismissed it as unrelated to what I was looking for. I had been led to believe that the process you just described was sort of automatic, that simply by being in the F5 and using HTTPS that the x509 info would automatically be inserted into the HTTP request header and forwarded to the server.
I thought I was just missing the finer details, but I apparently really am missing the overarching architecture of how this will work! I think the important take away from your code is that I can name the EDIPI whatever I want in the request header. That's enough to let me start writing my PHP. So thanks!
I think I followed your code fine, but am entirely unfamiliar with the syntax/language. Am I right to assume that my server admins will have access to an F5 console where I'd have to get them to set up rules for how we want our connections to be managed, and the script you provided is an example of one of those handling rules?
Great! Sounds like you're on the right track.
The language that BIG-IPs use for network programmability is a flavor of TCL called "iRules". In a nutshell, you write code blocks like "When this event happens, do these commands", then you attach that code to a virtual server. iRules support passing data between events using variables. In this way, almost any conceivable use case or data translation is possible.
Events: https://clouddocs.f5.com/api/irules/Events.html
Commands: https://clouddocs.f5.com/api/irules/Commands.html
You can read more about iRules here:
- Maudigan
Altocumulus
Thanks very much, you've got me on the right track now.