Blocking a URL except from specific IP addresses

Question

We would like to block access to a specific URL for a web application except if it is coming in from our VPN (known IP address ranges) or from our internal network. ie /admin but allow /user. How should the irule be written

colin_walker_12 · Answer

To clarify:
If a user makes a request for www.domain.com/admin, deny them unless they are on your internal network (we'll say 10.0.0.1/24). 
Correct?
If so, then you'd want something like:
when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/admin" } {
    if {[IP::client_addr] starts_with "10.0.0" } {
      pool http_pool
    } else {
      reject
    }
  }
}
This is, of course, an extremely simple example. If you wanted to add a bit more intelligence/flair, you could use a network range when doing the comparison, send a custom HTTP response, etc.
HTH,
Colin

farnsworth_7311 · Answer

Thanks to all! This has been a great help!

Forum Discussion

Blocking a URL except from specific IP addresses

Recent Discussions

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Inquiry About the "ast-api-discovery" Repository

Related Content

Deny access to F5 management from specific addresses

Allow only specific IP Address to only specific URL/route in ASM

Post of the Week: Blocking a Specific URI

Block IP after a number of ASM Blocks

Installing and Locking a Specific Version of F5 NGINX Plus

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS