Forum Discussion
NimbostratusBypass access policy for a list of servers
Hello,
Does anyone know how to create an iRule that will allow a list of a few servers to skip the access policy on a virtual server and go directly to the server in the pool the VS is pointed at?
Ideally I would want any request to a specific uri from one of the listed servers to be able to bypass the access policy applied to that virtual server.
The reason is I have an application that manages the connections via a web browser and anytime I try to make a connection with an access policy applied it fails. When I remove the access policy form the virtual server the connection will work. I need to keep the access policy to restrict access to the site but want the servers that managed these connections to bypass access policy.
Example: Whenever any of these three servers goes to https://test.site.org/rest/services access policy will not be applied. Server1: 10.10.1.1 Server2: 10.10.1.2 Server3: 10.10.1.3
My thought was to use a data group list but wasn't sure how to use that list to bypass an access policy. If bypassing the access policy based on uri is not possible I would settle for just allowing any of the servers in the group list to by pass the access policy for this virtual server.
Thanks for your time!
- P_K
Altostratus
Did you try this?
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]]
"/rest/services*" {
Disable Access policy
ACCESS::disable
} default {
Access::enable
}
} - Kevin_Davies
Nacreous
This is what you need. Put your addresses in a datagroup called policy_bypass.
when HTTP_REQUEST { if {[HTTP::uri] eq "/rest/services" } { if {[class match [IP::client_addr] equals policy_bypass]} { ACCESS::disable } } }
