Forum Discussion

Nimbostratus

Dec 17, 2014

Create an Irule action based on username

Hello Friends, I am trying to create an irule which actions based on username provided. below are the conditions: internal users : all accesses are allowed. For the external customer...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Cirrostratus

Dec 17, 2014

I think this code will help you out. You may have to tweak it a little bit (especially the response messages). You can also simply call drop to drop the connection completely instead of returning a message if you wanted.

when HTTP_REQUEST {
     Internal users
    if { [IP::addr [IP::client_addr] equals "10.91.0.0/16"] } {
         Access allowed 
    } else {
        switch [string tolower [URI::query "?[HTTP::query]" "username"]] {
            "admin" {
                HTTP::respond 200 Content {Acccess denied for admin account on external access}
                return
            }
            "apple" {
                if { not ([IP::addr [IP::client_addr] equals "172.65.0.0/16"]) } {
                    HTTP::respond 200 Content {You are not on the proper subnet. Access denied.}
                    return
                }

                 Access allowed
            }
        }
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)