Forum Discussion
How to restrict a url access from a specific two ip's
Hi,
How to retsrict a url access from internet for a specific two ip's !
whether it can be achieved via LTM policy or via irule?
logic that i have cretaed using irule given below:
when HTTP_REQUEST {
if{[HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::addr [IP::client_addr] equals 117.23.2.1]}
else{
reject
}
Requesting immediate assistence
If you still wanted to do this with an iRule, you could do something like this:
# Create internal data groups tmsh create ltm data-group internal DG-IP-WHITELIST type ip records add { 104.123.3.1 117.23.2.1 } tmsh create ltm data-group internal DG-RESTRICTED-PATHS type string records add { /abc/update } # iRule when HTTP_REQUEST { set DEBUG 1 set DEFAULT_POOL [LB::server pool] set HOST [string tolower [HTTP::host]] set PATH [HTTP::path] set CLIENT_IP [IP::client_addr] if { [class match -- $PATH contains DG-RESTRICTED-PATHS] } { if { [class match -- $CLIENT_IP equals DG-IP-WHITELIST] } { if { $DEBUG } { log local0. "$CLIENT_IP has been granted access to $HOST with path $PATH" } pool $DEFAULT_POOL } else { if { $DEBUG } { log local0. "$CLIENT_IP has been refused access to $HOST with path $PATH" } reject } } }
hi,
what about below irule: whether it will meet the requirement:
when HTTP_REQUEST {
if{[HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::addr [IP::client_addr] equals 117.23.2.1]}
else{
reject
}
Could you confirm whether source IPs 104.123.3.1 and 117.23.2.1 should be *allowed* to access path "/abc/update". Or should they be denied?
- zamroni777Nacreous
instead of irules scripting, you can use gui based local traffic policy.
the managebility and performance is better than irules.Hi,
thanks for the response
whether it is possible to share the LTM policy for the logic i have raised !
- zamroni777Nacreous
the gui is very simple:
- yakaiCirrus
Hello,
I created a policy that restrict url access for the IPs listed above.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com