Forum Discussion

Nimbostratus

Aug 29, 2013

How do I only allow access to certain folders from a few IPs but not others

I can create an data group for the approved IP list but how do I take that list and use it to allow access to folders. for example: IP 1.2.3.4 can access mysite.com/folder1 mysite.com/folde...

JRahm

Admin

Aug 29, 2013

Create an IP data group

ltm data-group internal myiplist {
    records {
        1.2.3.4/32 {
            data "/folder1 /folder2 /folder3"
        }
        2.3.4.5/32 {
            data /folder4
        }
        3.4.5.6/32 {
            data "/folder 1 /folder4"
        }
    }
    type ip
}

Then you can have an iRule like:

when HTTP_REQUEST {
  if { [lsearch [class lookup [IP::client_addr] myiplist] [string tolower [HTTP::path]]] == -1 } { discard }
}

might have some syntax wrong there, not currently near a box to test. But basically, you're searching the value of the IP key from the class for the allowed folder, and if it isn't present, discarding the request. You could redirect instead.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)