Forum Discussion

Robert_Pagano_7's avatar
Robert_Pagano_7
Icon for Nimbostratus rankNimbostratus
May 30, 2013

deny access to certain URIs based on client source IP address and URI being accessed

I have been asked to deny access to a virtual server if ...   [1] the client is coming from a "non-private" (i.e. not RFC 1918) IP address   and   [2] the client is trying to access any one ...
application delivery
dev
devops
iRules
Robert_Pagano_7's avatar
Robert_Pagano_7
Icon for Nimbostratus rankNimbostratus
May 31, 2013
Kevin:

 

 

Thank you for your response and your suggestions.

 

 

This iRule will be deployed on a box running 9.x code so I suppose the "$::" is required.

 

 

Also, based on your comments, I've made a few edits to the iRule.

 

 

----- irule -----

 

 

when HTTP_REQUEST {

 

if {not ([matchclass [IP::client_addr] equals $::INTERNAL_NETWORKS_class]) } {

 

switch -glob [string tolower [HTTP::uri]] {

 

"/blah-blah-blah" -

 

"/system/yada-yada-yada?config=1&usertype=1&other-stuff=true" -

 

"/system/yada-yada-yada?config=1&usertype=2&other-stuff=true" { drop }

 

}

 

}

 

}

 

-----

 

 

In the above, I manually converted the URIs to lower case but I suppose it should be possible to do something like ...

 

 

[string tolower ["blah-blah-blah"] -

 

[string tolower ["system/yada-yada-yada?CONFIG=1&USERTYPE=1&other-stuff=true"] -

 

[string tolower ["system/yada-yada-yada?CONFIG=1&USERTYPE=2&other-stuff=true"] { drop }

 

 

Thanks again!