For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Sep 29, 2015

You could try something like this:

when HTTP_REQUEST {
    if {[string tolower [HTTP::uri]] starts_with "/webapp1"}{
        if {not ([ACCESS::session data get session.ad.last.attr.memberOf] contains "CN=Webapp1-access")}{
            HTTP::respond 403
        }
    }
    elseif {[string tolower [HTTP::uri]] starts_with "/webapp2"}{
        if {not ([ACCESS::session data get session.ad.last.attr.memberOf] contains "CN=Webapp2-access")}{
            HTTP::respond 403
        }
    }
    elseif {[string tolower [HTTP::uri]] starts_with "/webapp3"}{
        if {not ([ACCESS::session data get session.ad.last.attr.memberOf] contains "CN=Webapp3-access")}{
            HTTP::respond 403
        }
    }
}