Jinshu_134425
Dec 17, 2014

Create an iRule action based on username

Hello Friends,

 

I am trying to create an iRule which acts based on the username provided.

 

Below are the conditions:

 

  1. Internal users: all access is allowed.
  2. For the external customers, the username Admin is restricted.
  3. The username Apple should be allowed only from a specific subnet range.

Internal Customers: 10.91.0.0/16, External Customers: 0/0, Apple users: 172.65.0.0/16.

 

The website login form looks like this: https://jinshu.com/?username=johnsmith&password=secretkey

 

Can somebody help me on this?

 

Regards, Jinshu

 

2 Replies

  • I think this code will help you out. You may have to tweak it a little bit (especially the response messages). You can also simply call drop to drop the connection completely instead of returning a message if you wanted.

     

    when HTTP_REQUEST {
        # Internal users
        if { [IP::addr [IP::client_addr] equals "10.91.0.0/16"] } {
            # Access allowed
        } else {
            switch [string tolower [URI::query "?[HTTP::query]" "username"]] {
                "admin" {
                    HTTP::respond 200 content {Access denied for admin account on external access}
                    return
                }
                "apple" {
                    if { not ([IP::addr [IP::client_addr] equals "172.65.0.0/16"]) } {
                        HTTP::respond 200 content {You are not on the proper subnet. Access denied.}
                        return
                    }

                    # Access allowed
                }
            }
        }
    }
    

     

  • I have the same idea

     

    
    when HTTP_REQUEST {
        # Internal users
        if { [IP::addr [IP::client_addr] equals "10.91.0.0/16"] } {
            # Access allowed
        } else {
            switch [string tolower [URI::query "?[HTTP::query]" "username"]] {
                "admin" {
                    HTTP::respond 200 content {
                        Access denied for admin account on external access
                    }
                    return
                }
                "apple" {
                    if { not ([IP::addr [IP::client_addr] equals "172.65.0.0/16"]) } {
                        HTTP::respond 200 content {
                            You are not on the proper subnet. Access denied.
                        }
                        return
                    }
                }
            }
        }
    }
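
A hardened variant of the iRules in the replies above, added here as an example and not posted by either participant: it percent-decodes and lowercases the username before matching, ends `switch` option parsing with `--`, and answers denials with a logged 403 instead of a 200. The 403 status, the `text/plain` header and the log wording are assumptions of this example; the subnets and usernames are the ones from the question.

```tcl
when HTTP_REQUEST {
    # Internal users (10.91.0.0/16) are never restricted by username.
    if { [IP::addr [IP::client_addr] equals 10.91.0.0/16] } {
        return
    }

    # Percent-decode, then lowercase, so the comparison below sees one
    # canonical spelling of the submitted username.
    set user [string tolower [URI::decode [URI::query "?[HTTP::query]" username]]]

    # The -- ends option parsing, so a value that starts with a dash is
    # matched as data instead of being read as a switch option.
    switch -- $user {
        "admin" {
            # External clients may not use the Admin account.
            log local0. "Denied admin login from [IP::client_addr]"
            HTTP::respond 403 content "Access denied for admin account on external access." "Content-Type" "text/plain"
            return
        }
        "apple" {
            # Apple is allowed only from 172.65.0.0/16.
            if { not ([IP::addr [IP::client_addr] equals 172.65.0.0/16]) } {
                log local0. "Denied apple login from [IP::client_addr]"
                HTTP::respond 403 content "You are not on the proper subnet. Access denied." "Content-Type" "text/plain"
                return
            }
        }
    }
}
```

This only inspects the query string, which matches the login URL shown in the question; a form that submits the username in a POST body is not covered by it.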