For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MW1's avatar
MW1
Icon for Cirrus rankCirrus
Jul 01, 2014

Can anyone explain the behaviour of this irule

All, I am trying to understand the behaviour of the below irule. It was meant to block access to the down.php URI, except from the two src ip ranges stated, however it blocks access from any locat...
application delivery
devops
iRules
LTM
management
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 01, 2014

can you try this?

when HTTP_REQUEST { 
  log local0. " Request in [IP::client_addr] [HTTP::host][HTTP::uri]"
  if { [HTTP::uri] contains "/down.php"  } {
    if { ![IP::addr [IP::remote_addr] equals 75.66.12.0/255.255.255.0] and \
         ![IP::addr [IP::remote_addr] equals 15.150.0.0/255.255.0.0] } { 
      log local0. " Blocked access [IP::client_addr] [HTTP::host][HTTP::uri]"
       drop the request
      discard
    }
  }  
}