For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

haxzorian_35595's avatar
haxzorian_35595
Icon for Nimbostratus rankNimbostratus
Apr 01, 2017

Blocking admin uri via IP address and keyword?

Hello All, Is there a proper way to block access to admin URIs using a a keyword and IP address? Such as, if the request comes from 192.168.0.0/16 space and contains /platform/* allow the connecti...
BIG-IP
iRules
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Apr 04, 2017

Hi haxzorian,

to make your black-list more robust and to include the required IP exemptions, you may take a look to the iRule samples below.

Example1: Using a matching condition which isn't prone to escaping sequences

when HTTP_REQUEST {
    if {     ( [string tolower [HTTP::path]] stats_with "/platform" ) 
     and not ( [class match [IP::client_addr] equals allowed-host] ) } then {
         Reject the request
        reject      
    } else {
         Allow the request
    }
}

Example2: Utilizing a 

[URI::decode]
command to unescape possible URI escape sequences.

when HTTP_REQUEST {
    if {     ( [URI::decode [string tolower [HTTP::path]]] stats_with "/platform/" ) 
     and not ( [class match [IP::client_addr] equals DG_Allowed_IPs] ) } then {
         Reject the request
        reject      
    } else {
         Allow the request
    }
}

Note: Both examples should work stable even if a bad guy requests a URL like https://www.yoursite.de/platform

%2F
somefolder/somepage.php

Cheers, Kai