Rafish_129330
Feb 13, 2015

How to block specific url for src ip address

Hi, today I have two secure policies for every site, one for HTTPS and one for HTTP.

I blocked the HTTPS profile from external source IPs (I block the access with my firewall, "Check Point"), and permit only internal IP addresses.

Following new needs, I will have to allow access to the HTTPS secure profile from the external internet, but I want to disallow access to a specific URL (/admin) from external IPs and allow all to internal IP addresses.

Can I use this iRule? Is "when HTTP_REQUEST" good for HTTPS also? What is the meaning of "/folderA*"?

 

    when HTTP_REQUEST {
        # Check the requested URI.
        # The path is lower-cased here, so the patterns below are lower case too.
        switch -glob [string tolower [HTTP::path]] {
            "/foldera" {
                # Reset the request if the source IP is not allowed
                if { not ([matchclass [IP::client_addr] equals $::users_A_class]) } {
                    reject
                }
            }
            "/folderb" {
                # Reset the request if the source IP is not allowed
                if { not ([matchclass [IP::client_addr] equals $::users_B_class]) } {
                    reject
                }
            }
            "/folderc*" {
                # Reset the request if the source IP is not allowed
                if { not ([matchclass [IP::client_addr] equals $::users_C_class]) } {
                    reject
                }
            }
            default {
                # Reset the request
                reject
            }
        }
    }

 

1 Reply

  • I found the solution.

    First create a data group (in my case the data group name is "Src_ip_Address").

    To create a data group: Local Traffic -> iRules -> Data Group List

        when HTTP_REQUEST {
            # Check the class to determine if it's not allowed
            if { [HTTP::uri] contains "admin" || [HTTP::uri] contains "login" } {
                if { not [class match [IP::client_addr] equals Src_ip_Address] } {
                    log local0. "dropped connection"
                    reject
                }
            }
        }

     

    Regards Rafi
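A tighter variant of the rule in the reply, as an added example that is not part of the original thread: it matches on the lower-cased path rather than a substring of the whole URI, so only /admin and /login (and anything beneath them) are restricted and a query string cannot trigger or change the match. It assumes the data group Src_ip_Address from the reply is an address-type data group listing the internal networks, and that the virtual server has a client SSL profile, in which case HTTP_REQUEST also fires for HTTPS traffic.

```tcl
# Added example, not from the original post.
# Assumption: Src_ip_Address is an address-type data group that lists the
# internal networks allowed to reach the restricted paths.
when HTTP_REQUEST {
    # HTTP::path excludes the query string; lower-casing it makes the
    # match independent of how the client capitalises the path.
    set path [string tolower [HTTP::path]]

    # With -glob, "*" matches any run of characters, so "/admin/*"
    # covers everything below /admin while "/admin" covers the path itself.
    switch -glob -- $path {
        "/admin" -
        "/admin/*" -
        "/login" -
        "/login/*" {
            # Restricted paths: only data group members may continue.
            if { not [class match [IP::client_addr] equals Src_ip_Address] } {
                log local0. "Denied [IP::client_addr] for $path"
                reject
                return
            }
        }
        default {
            # All other paths stay reachable from any source address.
        }
    }
}
```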