Block admin URLs for internet users only
Dear Community,
I need to block few admin URLs and its subdirectories from internet only. The URLs should be accessible from internal private IPs of organization.
Following needs to be blocked.
https://hostname.com/admin/*
https://hostname.com/login/*
https://hostname.com/manage/*
https://hostname.com/account/*
Please inform how to modify following iRule to accomplish above requirement.
https://support.f5.com/csp/article/K74012450
when CLIENT_ACCEPTED {
log local0. "Client IP address is: [clientside {IP::remote_addr}]"
}
when HTTP_REQUEST {
log local0. "HTTP Path = [HTTP::path]"
log local0. "HTTP Host = [HTTP::host]"
if { ([HTTP::host] eq "hostname.example.com") and ([HTTP::path] eq "/test/login") } {
switch -glob [class match [IP::client_addr] eq private_net] {
"1" {
log local0. "The IP is private"
pool HTTP_Pool
}
default {
log local0. "The IP is public"
set content "No Access"
HTTP::respond 403 content $content
unset content
}
}
}
else {
log local0. "Access to other URLs, granted to any IP"
pool HTTP_Pool
}
}
Warm Regards
Hi,
Create an address data group and add private IPs to the data group.
iRule (Change the datagroupname):
when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri -normalized]] { "/admin/*" - "/login/*" - "/manage/*" - "/account/*" { if { not [class match [IP::client_addr] equals datagroupname] } { drop return } } } }