Forum Discussion

srandhawa_75222's avatar
srandhawa_75222
Icon for Nimbostratus rankNimbostratus
Oct 13, 2013

How to create iRule to grant additional access to a specific client

Hi...I have a pool which is hosting URI accessible to the general public. But I want to now grant additional access to a particular vendor to the following additional URIs /CustomerInformationService...
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 14, 2013

If I may add, authentication, or some form of identity validation is required for this to work. If you validate the request as coming from a particular vendor, either through an authenticated session, or perhaps a known IP range, then the iRule would be pretty straight forward. Example:

when HTTP_REQUEST { 
    if { ( [class match [string tolower [HTTP::uri]] starts_with my_uri_dg] ) and ( $vendor equals "my_special_vendor" ) } {
        return
    } else {
        drop
         or
         HTTP::respond 200 content "...no access..."
    }
}

where "my_uri_dg" is a string-based data group with the URIs you want to protect. Example:

/customerinformationservice/v1/customerinformationservice.svc := 1 
/productservice/v1/productservice.svc := 1

You could optionally define which vendors had access to specific URIs. Ultimately though, 

and ( $vendor equals "my_special_vendor" )

you have to figure out how to differentiate one HTTP request from another.