Forum Discussion

Nimbostratus

Apr 01, 2011

data group not matching

I'm writing an irule to deny logins from external users. I've tried to define a datagroup that contains allowed subnets, but have not been able to get it to match to an incoming address. See below. ...

Cirrostratus

Apr 01, 2011

That looks good. One small correction: you're missing the square braces around HTTP::path:

switch -glob [string tolower [HTTP::path]] {

Also be aware that it's really simple to bypass URI based checks like that on IIS:

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/30900/showtab/groupforums/Default.aspx31324

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

data group not matching

Recent Discussions

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Related Content

Class match with starts_with - Data group matching order

Re: Automate Data Group updates on many Big-IP devices using Big-IQ or Ansible

Working with subsets of data-group records via iControl REST

Certified Kubernetes Administrator - Study Group

Can I have a data group, with "data group" members

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS