For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Kenworthy's avatar
Brian_Kenworthy
Icon for Nimbostratus rankNimbostratus
Oct 22, 2012

Allow Access to URL from Inside but Not From Internet

Hi All,   What is the best way to allow access to a URL from the inside network, but not from the public Internet? I have this irule, but when I apply it to the virtual server, all traffic is imp...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Oct 23, 2012
e.g. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { [HTTP::uri] starts_with "/proxyservice" } {
      if { not ([IP::addr [IP::client_addr] equals 10.16.0.0/16]) } {
         log local0. "[IP::client_addr]:[TCP::client_port]: Dropping request to [HTTP::uri]"
         HTTP::respond 200 content "Forbidden
        
        
        
        Website Error:  Forbidden
        Your information has been logged.
        "
      }
   }
}
}

[root@ve10:Active] config  tail -f /var/log/ltm
Oct 23 12:53:53 local/tmm info tmm[7926]: Rule myrule : 172.28.20.11:58988: Dropping request to /proxyservice/something