Forum Discussion

Nitesh_Saxena_3
Feb 28, 2018

client based restriction

Hi, I am trying to implement something very simple, but I am not sure which is the best way of doing it.

 

I need to restrict users with certain IP addresses to access sites/URIs or sites.

 

Example:- all users can access:- and only nothing else no other sites. 192.168.X.X can access above + and other sites as

 

So what is the best way to do this?

 

LTM rule 1: in LTM, have source-based with an iRule (with default). LTM source any, with an iRule to allow those two URIs and drop everything else (so what should the iRule configuration be?). If they try for abc3, it should get dropped or rejected.

 

LTM rule 2- those subnets (192.168.X.X) all the sites.

 

Can someone help?

 

  • A third solution is using local traffic policies. Maybe there you can just write a policy that directs traffic to the host that you want based on source app address.

     

    P.S. What modules are provisioned on the F5? Maybe you can use something more than LTM?

     

  • JG
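    when HTTP_REQUEST {
        # Clients in 192.168.0.0/16 may reach every site: skip the checks below.
        if { [IP::addr [IP::client_addr]/16 equals 192.168.0.0] } {
            return
        }

        # Everyone else: only /abc1/* and /abc2/* on www.abc.com are allowed.
        if { [string tolower [HTTP::host]] equals "www.abc.com" } {
            switch -glob -- [string tolower [HTTP::path]] {
                "/abc1/*" -
                "/abc2/*" {
                    return
                }
                default {
                    reject
                }
            }
        } else {
            # Any other host name is refused for untrusted clients.
            reject
        }
    }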
    

    (Untested).

    [Edited].
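
A data-group variant of the rule above, as an added example that is not part of the thread or of JG's post, so the allowed networks and paths can be changed without editing the iRule. The data group names trusted_clients_dg and public_paths_dg are hypothetical and must be created first; stripping the port from the Host header and logging denied requests are additions.

```tcl
# Added example, not from the thread. Assumed data groups (hypothetical names):
#   trusted_clients_dg  type Address, e.g. 192.168.0.0/16
#   public_paths_dg     type String,  e.g. "/abc1/" and "/abc2/"
when HTTP_REQUEST {
    # Trusted source networks are not restricted.
    if { [class match [IP::client_addr] equals trusted_clients_dg] } {
        return
    }

    # The Host header may carry a port ("www.abc.com:443"); compare the name only.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    # Matching is done on the path as sent by the client; it is not normalized here.
    set path [string tolower [HTTP::path]]

    # Everyone else: only the listed path prefixes on www.abc.com.
    if { $host equals "www.abc.com" &&
         [class match -- $path starts_with public_paths_dg] } {
        return
    }

    # Record the denied request so blocked access attempts are visible, then reset.
    log local0. "denied [IP::client_addr] -> $host$path"
    reject
}
```

As in the original rule, a request for "/abc1" without the trailing slash is rejected unless that exact string is also added to the path data group.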