Doug_104173
Jun 01, 2010

Allow based on IP for uri starts_with

Hi, I am trying to come up with an iRule to only allow people to log in to a certain page of our app if they originate from a single IP. Basically, you can log in to www.foo.com/admin if you come from 10.0.0.100. If you don't meet the source IP request, we'd like to drop the HTTP request. I think I have it right, but I unfortunately don't have a test BIG-IP to try this on, so I was hoping someone could take a look at my rule to see if it looks OK or if there is a better way to do it. It does pass a syntax check.

when HTTP_REQUEST {
    if { ([HTTP::uri] starts_with "/admin") and ([IP::addr [IP::client_addr] equals 10.0.0.100]) } {
    } else {
        drop
    }
}
  • Ok, well that obviously didn't work once I tested it.

    I made some additions to my iRule

     
    when HTTP_REQUEST {
        if { ([HTTP::uri] starts_with "/admin") and ([IP::addr [IP::client_addr] equals 10.0.0.2]) } {
            HTTP::redirect "https://foo.com/admin/index/index/"
        } else {
            HTTP::redirect "https://foo.com/login/index/login/"
        }
    }
     

    Is there a better way to accomplish restricting access to this url?
  • What you've got should do a good job.

    My only suggestion would be to create a Data Group (iRules -> Data Group List -> Create (Group of Addresses)) that you could add additional qualifying IP Addresses to without having to add any to the actual iRule.

    
    when HTTP_REQUEST {
        # IPAddressDataGroup is the address Data Group created above
        if { ([HTTP::uri] starts_with "/admin") and ([matchclass [IP::remote_addr] equals $::IPAddressDataGroup]) } {
            HTTP::redirect "https://foo.com/admin/index/index/"
        } else {
            HTTP::redirect "https://foo.com/login/index/login/"
        }
    }
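
A scoped version of the check discussed in this thread, as an added example that is not part of any post: the redirect rules above act on every request, and each redirect target matches a branch again, so this version tests the source address only for /admin requests and leaves everything else alone. It assumes BIG-IP v10 or later for `class match`, and `admin_allowed_addrs` is a hypothetical address data group name.

```tcl
# Added example, not from the thread.
# Assumptions: BIG-IP v10+ (class match); admin_allowed_addrs is a
# hypothetical address data group holding the permitted source addresses.
when HTTP_REQUEST {
    # Test the path only, lower-cased, so the query string and letter case
    # do not change the outcome of the prefix check.
    set path [string tolower [HTTP::path]]

    if { $path starts_with "/admin" } {
        if { not [class match [IP::client_addr] equals admin_allowed_addrs] } {
            # Record the refusal so repeated attempts show up in the LTM log.
            log local0.notice "admin access refused for [IP::client_addr] on [HTTP::host]"

            # Send the client to the login page. Replace this line with
            # drop or reject to refuse the connection instead, as the first
            # post set out to do.
            HTTP::redirect "https://foo.com/login/index/login/"
            return
        }
        # Permitted source address: no action, the request goes to the pool.
    }
    # Requests outside /admin, including /login/index/login/ itself,
    # are not touched, so the redirect target cannot loop back into the rule.
}
```

`IP::client_addr` is the address of the TCP peer, so if another proxy or NAT device sits in front of the virtual server, the data group has to list the addresses that device presents.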