Forum Discussion
coreyva
Nimbostratus
Nimbostratusdata group not matching
I'm writing an irule to deny logins from external users. I've tried to define a datagroup that contains allowed subnets, but have not been able to get it to match to an incoming address. See below. ...
coreyvaNimbostratus
NimbostratusHere is what I ended up with.
when CLIENT_ACCEPTED {
set DEBUG "0"
if { $DEBUG } {log local0. "Client IP address is: [IP::remote_addr]"}
Check if client IP is not in the UserDataGroup
if { [class match [IP::remote_addr] equals "UserDataGroup"] }{
if { $DEBUG } {log local0. "Client is in UserDataGroup"}
Prevent the HTTP_REQUEST event from firing if user is local
event HTTP_REQUEST disable
}
elseif { $DEBUG } {log local0. "Client is in NOT UserDataGroup"}
}
when HTTP_REQUEST {
switch -glob [string tolower HTTP::path] {
"/login.aspx" -
"/foo/login.aspx" -
"/bar/login.aspx" {
Reject login info from non sites
HTTP::respond 403 content "Logins only allowed from networks.\r\n"
}
}
}