Forum Discussion
bmohanak_276891
Cirrus
Jul 13, 2016
I need help with an iRule to restrict inbound connections to certain IPs
Hello F5 Experts.
I am new to F5 and iRules. I am helping my team troubleshoot an iRule issue. Basically, the iRule is already in place, which is to allow only the IPs listed in the iRule to have ...
Ed_Summers
Nimbostratus
Jul 13, 2016
This may be a good application for a data-group. It may make management of the allowed IP addresses easier. If you create an internal data-group called 'allowed_ips', the iRule below will reject connections that are not sourced from an IP in the data-group.
Also for your string match, both entries contain '/devicexx/enxx', so the OR is superfluous. That is, unless the information you redacted is different between the entries?
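```tcl
when HTTP_REQUEST {
    # Apply the restriction only to the protected path (case-insensitive match)
    if { ([string tolower [HTTP::uri]] contains "/devicexx/enxx") ||
         ([string tolower [HTTP::uri]] contains "/devicexx/enxx/airxx.aws") } {
        # Reject clients whose source address is not in the allowed_ips data-group
        if { ! [class match [IP::client_addr] eq allowed_ips] } {
            log local0. "Matched default policy: Access Denied"
            reject
        }
    }
}
```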
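As an added example (not part of the original reply and not F5 code), this Python script models the iRule's decision offline so a proposed allow-list can be checked against sample requests before it is deployed. The sample addresses, requests and function names are constructed assumptions; it also shows that the second OR branch never changes the result and that a match on `HTTP::uri` covers the query string as well as the path.

```python
import ipaddress

# Constructed sample records (documentation ranges); the real 'allowed_ips'
# data-group contents are not shown in the thread.
ALLOWED_IPS = ["192.0.2.10", "198.51.100.0/24"]
# The two redacted substrings from the iRule's condition.
SHORT, LONG = "/devicexx/enxx", "/devicexx/enxx/airxx.aws"


def load_allowlist(records):
    """Parse host or CIDR records into network objects."""
    return [ipaddress.ip_network(r, strict=False) for r in records]


def uri_is_protected(uri):
    """Simplified condition: case-insensitive substring match on the full URI."""
    return SHORT in uri.lower()


def uri_is_protected_with_or(uri):
    """Condition as posted, with both substrings joined by OR."""
    u = uri.lower()
    return SHORT in u or LONG in u


def decide(uri, client_ip, allowlist):
    """Return 'reject' or 'allow' as the iRule would for this request."""
    if not uri_is_protected(uri):
        return "allow"  # rule only covers the protected path
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in allowlist if net.version == addr.version):
        return "allow"
    return "reject"


if __name__ == "__main__":
    allowlist = load_allowlist(ALLOWED_IPS)
    # Constructed requests: (URI, client address)
    for uri, ip in [
        ("/DeviceXX/ENxx/airxx.aws", "203.0.113.9"),
        ("/devicexx/enxx", "198.51.100.23"),
        ("/index.html", "203.0.113.9"),
        ("/search?next=/devicexx/enxx", "203.0.113.9"),  # HTTP::uri includes the query string
    ]:
        print(f"{ip:15} {uri:32} -> {decide(uri, ip, allowlist)}")
```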