For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kuerten_772's avatar
Kuerten_772
Icon for Nimbostratus rankNimbostratus
Jun 04, 2014

Combine 2 Access Irule Based on CientIP and URI

Hello F5ers,

 

i have one virtual server sharepoint application, i want to give admin access for sharpoint just from internal users (LAN Network 10.0.0.0/8) and i want to block other admin access from outside (Internet),i have created two irule based on ClientIP and URI for that and its not working. The first irule : when RULE_INIT { set hbr_response "

 

Dear User

 

Access to Admin pages are restricted

 

 

If you have any queries, please send an e-mail to webmaster@zadco.ae.

 

" } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/Pages/AdminAccess.aspx" } { if { [IP::client_addr] starts_with "10."} { log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged" } else { HTTP::respond 200 content $::hbr_response log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged and access denied" } } }

 

the second irule : when RULE_INIT { set zadcoae "

 

Dear User

 

Access to Admin pages are restricted

 

 

If you have any queries, please send an e-mail to webmaster@zadco.ae.

 

" } when HTTP_REQUEST { if { [string tolower [matchclass [HTTP::uri] contains zadcoae_block]]} { HTTP::respond 200 content $::zadcoae log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged and access denied" } }

 

ltm data-group internal /Common/zadcoae_block { records { /Forms { data /Forms } /Lists { data /Lists } /_catalogs { data /_catalogs } /_vti_bin { data /_vti_bin } _layouts { data _layouts } } type string }

 

i need to create one irule with combine all those conditions.

 

Thanks

 

application delivery
devops
iRules

1 Reply

  • Kuerten_772's avatar
    Kuerten_772
    Icon for Nimbostratus rankNimbostratus
    Jun 04, 2014

    Hello F5ers,

    i have one virtual server sharepoint application, i want to give admin access for sharpoint just from internal users (LAN Network 10.0.0.0/8) and i want to block other admin access from outside (Internet),i have created two irule based on ClientIP and URI for that and its not working.

    The first irule :

    when RULE_INIT { set hbr_response "

    Dear User

    Access to Admin pages are restricted

    If you have any queries, please send an e-mail to webmaster@zadco.ae.

     

    " } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/Pages/AdminAccess.aspx" } { if { [IP::client_addr] starts_with "10."} { log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged" } else { HTTP::respond 200 content $::hbr_response log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged and access denied" } } }

    the second irule :

    when RULE_INIT {

    set zadcoae "

    Dear User

    Access to Admin pages are restricted

    If you have any queries, please send an e-mail to webmaster@zadco.ae.

     

    " } when HTTP_REQUEST {

    if { [string tolower [matchclass [HTTP::uri] contains zadcoae_block]]} { HTTP::respond 200 content $::zadcoae log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] logged and access denied" } }

    ltm data-group internal /Common/zadcoae_block {

    records {
    /Forms {
        data /Forms
    }
    /Lists {
        data /Lists
    }
    /_catalogs {
        data /_catalogs
    }
    /_vti_bin {
        data /_vti_bin
    }
    _layouts {
        data _layouts
    }
}
type string

    }

    i need to create one irule with combine all those conditions.

    Thanks

    .