Forum Discussion

Puneet_73909's avatar
Puneet_73909
Icon for Nimbostratus rankNimbostratus
Nov 30, 2009

Conditional Forwarding

Hi All,

 

 

Need ur Help!!!

 

 

I have a situation where I need to restrict access to one of my website url from outside world and allow it from internal network.

 

 

 

suppose:

 

When user types in www.xyz.com, request should forward it to normal webservers.

 

 

But If user types in www.xyz.com/doc, then he will get outage page but it should be accessible via 10.10.1.1 subnet.

 

 

Please help me to acheive this condition.

 

 

Thanks,

 

Puneet Khanna

 

 

application delivery
dev
devops
iRules
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Nov 30, 2009
    Something like this maybe? 

     
 when HTTP_REQUEST { 
   if { [string tolower [HTTP::uri]] starts_with "/doc" && !([IP::addr [IP::client_addr]/24 equals 10.10.1.0]) } { 
     HTTP::redirect "http://my.outage.page" 
   } 
 }

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 30, 2009
    The problem with doing URI checking like this is that it would be simple to bypass. There are some examples of URI obfuscation methods in this post:

     

     

    Irule for restricting URL paths unsecure

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30900

     

     

    It would be more secure to have one VIP for internal users which filters only by client IP address and a second VIP which points at a version of the app that doesn't allow access to this URI from anyone.

     

     

    Aaron