Forum Discussion
CHRISTY_THOMAS
Cirrus
CirrusHow to restrict a url access from a specific two ip's
Hi, How to retsrict a url access from internet for a specific two ip's ! whether it can be achieved via LTM policy or via irule? logic that i have cretaed using irule given below: when HTTP_REQU...
If you still wanted to do this with an iRule, you could do something like this:
# Create internal data groups
tmsh create ltm data-group internal DG-IP-WHITELIST type ip records add { 104.123.3.1 117.23.2.1 }
tmsh create ltm data-group internal DG-RESTRICTED-PATHS type string records add { /abc/update }
# iRule
when HTTP_REQUEST {
set DEBUG 1
set DEFAULT_POOL [LB::server pool]
set HOST [string tolower [HTTP::host]]
set PATH [HTTP::path]
set CLIENT_IP [IP::client_addr]
if { [class match -- $PATH contains DG-RESTRICTED-PATHS] } {
if { [class match -- $CLIENT_IP equals DG-IP-WHITELIST] } {
if { $DEBUG } { log local0. "$CLIENT_IP has been granted access to $HOST with path $PATH" }
pool $DEFAULT_POOL
}
else {
if { $DEBUG } { log local0. "$CLIENT_IP has been refused access to $HOST with path $PATH" }
reject
}
}
}
CHRISTY_THOMAShi,
what about below irule: whether it will meet the requirement:
when HTTP_REQUEST {
if{[HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::addr [IP::client_addr] equals 117.23.2.1]}
else{
reject
}
Could you confirm whether source IPs 104.123.3.1 and 117.23.2.1 should be *allowed* to access path "/abc/update". Or should they be denied?
- CHRISTY_THOMAS
only IPs 104.123.3.1 and 117.23.2.1 can acces to path "/abc/update". remainng Ip connections from internet towards acess path "/abc/update" should be droped/blocked