Forum Discussion
VictorC
Jun 21, 2011Nimbostratus
HTTP VS: Only allow specific client IP but open specific /uri for all.
Hi,
Currently I have an iRule on a HTTP VS that discards requests if the client IP is not in the allow class. Now I have to add an extra requirement to allow 'all' if a specific /uri is giv...
VictorC
Jun 21, 2011Nimbostratus
Ok, I've cleared my cookies and cache. Here are the steps I took, followed by what I see in the log. (I'm using the HTTP::respond 403 content)
Went to the home page and see the blocked! message:
Jun 21 11:36:37 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Added /myuri in the URL bar without closing browser:
Jun 21 11:36:52 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53477: URI is allowed per whitelist
Hit the Back button on the browser to bring me back to the home page, nothing is logged (and I see the blocked! message from webpage; seems like from cache)
Hit Refresh on the browser a few times and I can see contents on the home page, which I shouldn't.
Jun 21 11:37:03 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Client is not in allowed class
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Client is not in allowed class
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Client is not in allowed class
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Client is not in allowed class
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Blocking request
Jun 21 11:37:07 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Blocking request
Jun 21 11:37:08 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:08 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Blocking request
Jun 21 11:37:08 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Blocking request
Jun 21 11:37:08 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Blocking request
Jun 21 11:37:08 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:37:12 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Blocking request
Waited a minute, hit Refresh again, and this time I'm blocked.
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53488: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53489: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53490: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53491: Blocking request
Jun 21 11:38:04 tmm tmm[1085]: Rule restrict-rule : 10.10.10.5:53478: Blocking request
Strange right?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects