Forum Discussion
VictorC
Jun 21, 2011Nimbostratus
HTTP VS: Only allow specific client IP but open specific /uri for all.
Hi,
Currently I have an iRule on a HTTP VS that discards requests if the client IP is not in the allow class. Now I have to add an extra requirement to allow 'all' if a specific /uri is giv...
hooleylist
Jun 21, 2011Cirrostratus
Can you clear your browser cache and retest? If the issue still recurs, can you add debug logging and check /var/log/ltm for the output?
when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals $::myallowedclients] }{
set allowed 1
log local0. "[IP::client_addr]:[TCP::client_port]: Client is in allowed class"
} else {
Client is not in the allowed class
set allowed 0
log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in allowed class"
}
}
when HTTP_REQUEST {
Check if requested URI is whitelisted
switch -glob [HTTP::uri] {
"/allowed_starts_with/*" -
"*/allowed_contains/*" -
"/allowed_exact" {
set allowed 1
log local0. "[IP::client_addr]:[TCP::client_port]: URI is allowed per whitelist"
}
}
if { $allowed == 0 }{
Disallowed request
Reset connection
reject
Send HTTP reject message
HTTP::respond 403 content {blocked!}
log local0. "[IP::client_addr]:[TCP::client_port]: Blocking request"
}
}
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects