Forum Discussion

Charlie_2_10323's avatar
Charlie_2_10323
Icon for Nimbostratus rankNimbostratus
Jun 22, 2009

Hostname uri and source-ip based access

Hi

 

I would like have a rule which I can

 

Check hostname

 

Check uri

 

And Check source network (should be private Network 10../8 192.168./16 )

 

If all matches than redirect to http://hostname/public

 

possible?

 

Regards

 

Charlie

 

when CLIENT_ACCEPTED {

 

if { ([HTTP::host] equals "hostname.com") }

 

if {[HTTP::uri] equals "mcx" }

 

if { [IP::addr [IP::client_addr]/8 equals 10.0.0.0] }

 

if { [IP::addr [IP::client_addr]/16 equals 192.168.0.0] } {

 

HTTP::redirect "http://hostname.com/public"}

 

} elseif {

 

drop

 

}

 

}
application delivery
dev
devops
iRules

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 22, 2009
    That's close in concept. If you want to check the hostname and URI, you'll need to wait until the HTTP_REQUEST event to check as this is when the HTTP headers have been parsed. The URI will always start with a forward slash, so you might want to see if the URI equals "/mcx".

    Also, there is a default datagroup named private_net which you can reference with matchclass: 

     
 class private_net { 
    network 10.0.0.0/8 
    network 172.16.0.0/12 
    network 192.168.0.0/16 
 }

    So you could use something like this: 

     
 when HTTP_REQUEST { 
  
     Check if client IP is a private network 
    if {[matchclass [IP::client_addr] equals $::private_net]}{ 
  
        Check if requested host is hostname.com 
       if {[string tolower [HTTP::host]] eq "hostname.com"}{ 
  
           Check if URI starts with "/mcx" 
          if {[string tolower [HTTP::uri]] starts_with "/mcx"}{ 
  
             HTTP::redirect "http://hostname.com/public" 
          } 
       } 
    } 
 }

    Aaron