F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

CHRISTY_THOMAS's avatar
CHRISTY_THOMAS
Icon for Cirrus rankCirrus
Jan 05, 2024

How to restrict a url access from a specific two ip's

Hi, How to retsrict a url access from internet for a specific two ip's !  whether it can be achieved via LTM policy or via irule? logic that i have cretaed using irule given below: when HTTP_REQU...
application delivery
devops
security
Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Jan 05, 2024

If you still wanted to do this with an iRule, you could do something like this:

# Create internal data groups
tmsh create ltm data-group internal DG-IP-WHITELIST type ip records add { 104.123.3.1 117.23.2.1 }
tmsh create ltm data-group internal DG-RESTRICTED-PATHS type string records add { /abc/update } 

# iRule
when HTTP_REQUEST {
    set DEBUG 1
    set DEFAULT_POOL [LB::server pool]
    set HOST [string tolower [HTTP::host]]
    set PATH [HTTP::path]
    set CLIENT_IP [IP::client_addr]

    if { [class match -- $PATH contains DG-RESTRICTED-PATHS] } {
        if { [class match -- $CLIENT_IP equals DG-IP-WHITELIST] } {
            if { $DEBUG } { log local0. "$CLIENT_IP has been granted access to $HOST with path $PATH" }
            pool $DEFAULT_POOL
        }
        else {
            if { $DEBUG } { log local0. "$CLIENT_IP has been refused access to $HOST with path $PATH" }
            reject
        }
    }
}

 

CHRISTY_THOMAS's avatar
CHRISTY_THOMAS
Icon for Cirrus rankCirrus
Jan 05, 2024

hi,

what about below irule: whether it will meet the requirement:

when HTTP_REQUEST {

if{[HTTP::path] contains "/abc/update" and [IP::addr [IP::client_addr] equals 104.123.3.1] or [IP::addr [IP::addr [IP::client_addr] equals 117.23.2.1]}

else{

reject

}