For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dori_Shmuel_241's avatar
Dori_Shmuel_241
Icon for Nimbostratus rankNimbostratus
Jul 13, 2009

Block specific URI's

Hello All,

 

how can i allow access to a specific IP addresses to a specific URI's without blocking any other URI's that i have on my site.

 

Example:

 

site.com/abc > allow only to $::abc_allowed

 

site.com/abcd > allow only to $::abcd_allowed

 

site.com/abcde > everyone can access

 

*when someone who is not allowed to access site.com/abc or site.com/abcd, i would like him to see a text that he is not allowed.

 

I have prepered Irule that is not fully working. I managed to do the access-list but it keeps blocking other URI's that i'm not interest to block

 

when HTTP_REQUEST

 

{

 

if { [HTTP::host] starts_with "site.com" }

 

{

 

if {[HTTP::uri] starts_with "/abc" and [matchclass [IP::client_addr] equals $::abc_allowed] }

 

{

 

pool site_pool

 

}

 

elseif {[HTTP::uri] starts_with "/abcd" and [matchclass [IP::client_addr] equals $::abcd_allowed] }

 

{

 

pool site_pool

 

}

 

else

 

{

 

HTTP::respond 200 content

 

{

 

 

 

Apology Page

 

 

 

We are sorry, but the site you are looking for does not exist or is not allowed to you.

 

 

 

 

}

 

}

 

}

 

}

 

Thanks in advance!
application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jul 13, 2009
    If you add logging to the iRule what do you see when a failure occurs?

     

     

    Are your example URIs, /abc and /abcd accurate in that the second directory you're checking for starts the same as the first directory you're checking? If so, you might want to reverse the order of the checks as only one of the conditions will be checked if the request matches the first test.

     

     

    Aaron