Conditional HTTP/S Redirect - Source IP Range

Question

My internal clients all fall within the private 10.0.0.0/8 IP address range. I'm looking for an iRule that will deliver all of the requirements listed below. The iRule will be attached to a single LTM virtual server that serves both internal and internet clients:&nbsp;
•Redirect all http to https&nbsp;
•       10.0.0.0/8 access to "https://portal.test.net/vcac" and "https://portal.test.net" should be permitted.&nbsp;
•Internet access to "https://portal.test.net/vcac" and "https://portal.test.net" should be redirected to "http://error.test.net/oops". &nbsp;
•Internet access to "https://portal.test.net/vcac/org/*" should be permitted i.e. any string/uri following the "/org/" is ok.&nbsp;
Can anyone help please?&nbsp;
Many thanks&nbsp;
R&nbsp;

kevin_stewart · Answer

This should be pretty close to your description:
when HTTP_REQUEST {
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
         local clients - allow all access
        return
    } else {
         remote clients
        if { [string tolower [HTTP::uri]] starts_with "/vcac/org/" } {
             permit
            return
        } else {
             redirect
            HTTP::redirect "http://error.test.net/oops"
        }   
    }
}

Forum Discussion

Conditional HTTP/S Redirect - Source IP Range

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

HTTP/1.1’s Limitations - and How F5 Has You Covered

F5 HTTPS Redirect 2025

Conditional XOR operations

Intermediate iRules: Nested Conditionals

Conditional Redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS