
Forum Discussion

tony_iervolino_
May 10, 2018

Bypass APM on specific subnets

I'm trying to write an iRule that bypasses the APM for specific subnets. The iRule works great at bypassing anything on the 10.0.0.0/8 subnet, but the problem is I don't want it to bypass the APM for this specific subnet, which is used by our mobility devices. In fact, this subnet needs to land on the login page, as it's an SSID that has Internet out only. What happens is we don't even reach the APM login page but instead we reach the Windows auth page, which we don't want. How would we write an iRule that would do this? The subnet in fact is 10.3.200.0/21.

    when HTTP_REQUEST {
        if { ([IP::client_addr] == "10.3.220.0") } {
            ACCESS::enable
        } elseif { [IP::addr [IP::client_addr]/8 equals 10.0.0.0] or [IP::addr [IP::client_addr]/16 equals 192.168.0.0] or [IP::addr [IP::client_addr]/12 equals 172.16.0.0] } {
            ACCESS::disable
        }
    }

 

1 Reply

  • Try this:

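    when HTTP_REQUEST {
        # Most specific subnet first: these clients must go through APM.
        if { [IP::addr [IP::client_addr] equals 10.3.220.0/21] } {
            ACCESS::enable
        # elseif has to sit on the same line as the closing brace of the if body,
        # otherwise Tcl parses it as a separate command.
        } elseif { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or [IP::addr [IP::client_addr] equals 192.168.0.0/16] or [IP::addr [IP::client_addr] equals 172.16.0.0/12] } {
            # Remaining private ranges bypass APM.
            ACCESS::disable
        }
    }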
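Added example, not part of the thread or F5's code: an offline Python model of the reply's first-match logic, useful for checking which client addresses would bypass APM before the iRule is deployed. The names `RULES`, `apm_action`, `unaligned` and `shadowed` are hypothetical, and it assumes the subnet comparison masks off host bits the way `ipaddress` does with `strict=False`.

```python
import ipaddress

# Prefixes and order copied from the reply's if / elseif chain (first match wins).
RULES = [
    ("10.3.220.0/21", "enable"),
    ("10.0.0.0/8", "disable"),
    ("192.168.0.0/16", "disable"),
    ("172.16.0.0/12", "disable"),
]

def _net(prefix):
    # Assumption: host bits in the written prefix are masked off.
    return ipaddress.ip_network(prefix, strict=False)

def apm_action(client, rules=RULES):
    """Action of the first rule containing the client; 'unchanged' if none
    matches (the iRule then calls neither ACCESS command)."""
    addr = ipaddress.ip_address(client)
    for prefix, action in rules:
        if addr in _net(prefix):
            return action
    return "unchanged"

def unaligned(rules=RULES):
    """Prefixes written with host bits set, mapped to the range they cover."""
    return {p: str(_net(p)) for p, _ in rules if str(_net(p)) != p}

def shadowed(rules=RULES):
    """Prefixes that can never match because an earlier rule contains them."""
    dead = []
    for i, (prefix, _) in enumerate(rules):
        if any(_net(prefix).subnet_of(_net(earlier)) for earlier, _ in rules[:i]):
            dead.append(prefix)
    return dead

if __name__ == "__main__":
    # Constructed sample clients: the reply's range, the /21 named in the
    # question's prose, another RFC 1918 host, and a public address.
    for client in ("10.3.220.15", "10.3.200.5", "192.168.1.20", "8.8.8.8"):
        print(f"{client:15} -> {apm_action(client)}")
    print("unaligned prefixes:", unaligned())
    print("shadowed if /8 is listed first:",
          shadowed([RULES[1], RULES[0]] + RULES[2:]))
```

Under that assumption the model shows that 10.3.220.0/21 covers 10.3.216.0 through 10.3.223.255, so a client in the 10.3.200.0/21 range named in the question falls through to the 10.0.0.0/8 branch and bypasses APM.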