Forum Discussion

felix001_29321's avatar
felix001_29321
Icon for Nimbostratus rankNimbostratus
Jan 15, 2013

HTTP 403 with Irule

I have a VIP set up with both client and server side SSL.   I have added an irule to issue a 403 if the client comes from a certain IP for a certain domain. But when I curl it reports a ssl socket...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jan 15, 2013
this is mine. 

[root@ve10:Active] config  b virtual bar443 list
virtual bar443 {
   snat automap
   pool foo
   destination 172.28.19.252:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { ([HTTP::host] equals "domain.com") and (not [class match [IP::client_addr] equals group ]) } {
      HTTP::respond 403
   }
}
}
[root@ve10:Active] config  b class group list
class group {
   host 172.28.19.251
}

 client is 172.28.19.253

[root@ve10:Active] config  curl -Ik https://172.28.19.252 -H "Host: domain.com"
HTTP/1.0 403 Forbidden
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

 client is 172.28.19.251

[root@centos251 ~] curl -Ik https://172.28.19.252 -H "Host: domain.com"
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2013 08:32:55 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8