Forum Discussion
How to restrict a url access from a specific two ip's
If you still wanted to do this with an iRule, you could do something like this:
# Create internal data groups
tmsh create ltm data-group internal DG-IP-WHITELIST type ip records add { 104.123.3.1 117.23.2.1 }
tmsh create ltm data-group internal DG-RESTRICTED-PATHS type string records add { /abc/update }

# iRule
when HTTP_REQUEST {
    # Set DEBUG to 0 to disable logging
    set DEBUG 1
    set DEFAULT_POOL [LB::server pool]
    set HOST [string tolower [HTTP::host]]
    set PATH [HTTP::path]
    set CLIENT_IP [IP::client_addr]

    # Only requests whose path contains a restricted entry are checked
    if { [class match -- $PATH contains DG-RESTRICTED-PATHS] } {
        # Allow the client only if its address is in the IP data group
        if { [class match -- $CLIENT_IP equals DG-IP-WHITELIST] } {
            if { $DEBUG } { log local0. "$CLIENT_IP has been granted access to $HOST with path $PATH" }
            pool $DEFAULT_POOL
        } else {
            if { $DEBUG } { log local0. "$CLIENT_IP has been refused access to $HOST with path $PATH" }
            reject
        }
    }
}
- CHRISTY_THOMAS (Cirrus), Jan 05, 2024
Hi,
What about the iRule below? Will it meet the requirement?
when HTTP_REQUEST {
    if { [HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::client_addr] equals 117.23.2.1] } {
        # condition matched: no action
    } else {
        reject
    }
}
- Jan 05, 2024
Could you confirm whether source IPs 104.123.3.1 and 117.23.2.1 should be *allowed* to access path "/abc/update". Or should they be denied?
- CHRISTY_THOMAS (Cirrus), Jan 05, 2024
Only IPs 104.123.3.1 and 117.23.2.1 can access path "/abc/update". Remaining IP connections from the internet towards path "/abc/update" should be dropped/blocked.
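
An inline iRule, without data groups, for the requirement as stated at the end of the thread: only 104.123.3.1 and 117.23.2.1 may reach "/abc/update", and requests for every other path are left alone. This is an added example, not code from any poster in the thread; the log wording is an assumption.

```tcl
when HTTP_REQUEST {
    # Requests for any other path are not evaluated here and continue
    # to the virtual server's default pool.
    if { !([HTTP::path] contains "/abc/update") } {
        return
    }

    set client_ip [IP::client_addr]

    # Each address test is a complete [IP::addr ...] command; the two
    # tests are the whole condition, so "or" cannot combine with the
    # path check above.
    if { [IP::addr $client_ip equals 104.123.3.1] or [IP::addr $client_ip equals 117.23.2.1] } {
        # Allowed source: no action, the default pool is used.
        return
    }

    # Any other source asking for the restricted path is dropped.
    log local0. "$client_ip refused access to restricted path [HTTP::path]"
    reject
}
```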