Help required to know how to configure irule for below scenario

Question

&nbsp;When users sourced from IPs (FqDn "outlook.office365.com") hits below 2 URLs the traffic should be redirected to pool "abc.yyy.com443" , if users sourced from out of that FqDn range hitting these URLs should be dropped or not allowed.&nbsp;https://abc.yyy.com/https://abc.yyy.com/owa&nbsp;When any users hits below URLs the traffic should be redirected to pool "abc.yyy.com443"&nbsp;https://abc.yyy.com/mapihttps://abc.yyy.com/ebchttps://abc.yyy.com/eap&nbsp;Pool: "abc.yyy.com443"&nbsp;This is very urgent  need help to configure this

mayur_sutare · Answer

If you want to allow access to specific source IP addresses/subnet, the most secure way is to do it using IP filter rules/ASM. You can alternately do this with an iRule and data group. Create an address-based data group (ex.allowed_IPs) and add the allowed IPs/subnets in it.

when CLIENT_ACCEPTED {

if { not ( [class match [IP::client_addr] equals allowed_IPs] ) } {

reject

}

2. If your url 'abc.yyy.com' is same then you can directly bind pool "abc.yyy.com443" to VS associated with this URL. So all requests hitting to given URL (irrespective of URI part), request will go to same pool.

Hope it helps you!

Mayur

Forum Discussion

Help required to know how to configure irule for below scenario

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Related Content

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Javascript injecting systems effect on web application end users - a scenario review

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

Reminder: MFA now required to log in to DevCentral

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS