Forum Discussion
NimbostratusAllowing specific source to specific uri and deny rest all
Hi All, We need an irule that can allow only specific source IP’s to access specific URI and deny to others. For example Data Group Source IP: 10.1.1.1 [DG1] URI: https://www.testdev.com/services/user1.html
Action: Allow
Data Group Source IP: 10.2.1.1 [DG2] URI: https://www.testdev.com/services/user2.html
Action: Allow
Data Group Source IP: 10.3.1.1 [DG3] URI: https://www.testdev.com/services/user3.html
Action: Allow
Source IP: Any
Action: Block all
Below is the irule that I am using, but no luck
when HTTP_REQUEST { if { [class match [IP::client_addr] equals DG1] } { HTTP::redirect " ;
if { [class match [IP::client_addr] equals DG2] } { HTTP::redirect ";
if { [class match [IP::client_addr] equals DG3] } { HTTP::redirect ";
if {[HTTP::uri] contains "/" || [HTTP::uri] contains "services"} { if {not[class match [IP::client_addr] } { log local0. " Blocked src=[IP::client_addr] src_port=[TCP::client_port],agent= HTTP::header value User-Agent]"
return
} }
Thanks..
Leonardo_SouzaCirrocumulus
Normally you do this based in the path, because is likely the application will have multiple pages:
when HTTP_REQUEST { if [class match [IP::client_addr] equals "DG1"] { if { not ([HTTP::path] starts_with "/services/user1/"]) } { HTTP::redirect "https://www.testdev.com/services/user1/" return } drop }If you really want the URI:
when HTTP_REQUEST { if [class match [IP::client_addr] equals "DG1"] { if { not ([HTTP::uri] starts_with "/services/user1.html"]) } { HTTP::redirect "https://www.testdev.com/services/user1.html" return } drop }