Forum Discussion
bmohanak_276891
Cirrus
CirrusI need help with an iRule to restrict inbound connections to certain IPs
Hello F5 Experts.
I am New to F5 and iRules, I am helping my team to troubleshoot an iRule Issue, Basically the Irule is already in place which is to allow only the IPs listed in the iRule to have ...
Yann_Desmarest_
Nacreous
NacreousHi,
You can use the following irule to disallow access to specific urls to users :
when HTTP_REQUEST {
if { [string tolower [HTTP::path]] starts_with "/devicemanagement/enroll" or [string tolower [HTTP::path]] starts_with "/deviceservices/enrollment/airwatchenroll.aws" and ![class match [IP::client_addr] equals irdg-mdm-test] } {
log local0. "[IP::client_addr] - Matched default policy: Access Denied"
reject
return
}
}
This irule will allow IP addresses defined in the datagroup named irdg-mdm-test to access specified urls. Other IPs will be rejected.
Maybe, you can also change the
rejectHTTP::respond 403 content "Request Not Allowed"Note : Pay attention that you don't have other irules, LTM policies or whatever else that bypass this irule processing.
- Yann_Desmarest_
You may also expect something more scalable :
when HTTP_REQUEST { if { [class match [HTTP::path] contains url-mdm-test] and ![class match [IP::client_addr] equals irdg-mdm-test] } { log local0. "[IP::client_addr] - Matched default policy: Access Denied" reject return } } 
bmohanak_276891Yann,
I have changed the iRule to above but connections are still being allowed when I try to access from an machine not from this list.
- Yann_Desmarest_
Hi,
Hi updated the irule above. Can you check that you get the logs from the irule in the /var/log/ltm logfile ?
Do you have some proxy or reverse proxy between F5 and the client ?
