Forum Discussion
VictorC
Jun 21, 2011 Nimbostratus
HTTP VS: Only allow specific client IP but open specific /uri for all.
Hi,
Currently I have an iRule on an HTTP VS that discards requests if the client IP is not in the allow class. Now I have to add an extra requirement to allow 'all' if a specific /uri is giv...
hooleylist
Jun 21, 2011 Cirrostratus
Sorry, I should have included the URI in the logs. Can you try this?
when CLIENT_ACCEPTED {
   # Runs once per TCP connection: record whether the client IP is in the allowed class
   if { [matchclass [IP::client_addr] equals $::myallowedclients] }{
      set allowed 1
      log local0. "[IP::client_addr]:[TCP::client_port]: Client is in allowed class"
   } else {
      # Client is not in the allowed class
      set allowed 0
      log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in allowed class"
   }
}
when HTTP_REQUEST {
   # Start every request from the client IP result, so that a whitelisted URI
   # does not leave later requests on the same keep-alive connection allowed
   set request_allowed $allowed

   # Check if requested URI is whitelisted
   switch -glob [HTTP::uri] {
      "/allowed_starts_with/*" -
      "*/allowed_contains/*" -
      "/allowed_exact" {
         set request_allowed 1
         log local0. "[IP::client_addr]:[TCP::client_port]: URI is allowed per whitelist [HTTP::uri]"
      }
   }
   if { $request_allowed == 0 }{
      # Disallowed request: use one of the two actions below, not both
      # Reset connection
      reject
      # Send HTTP reject message
      # HTTP::respond 403 content {blocked!}
      log local0. "[IP::client_addr]:[TCP::client_port]: Blocking request to [HTTP::uri]"
   }
}
Aaron