For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bmohanak_276891's avatar
bmohanak_276891
Icon for Cirrus rankCirrus
Jul 13, 2016

I need help with an iRule to restrict inbound connections to certain IPs

Hello F5 Experts. I am New to F5 and iRules, I am helping my team to troubleshoot an iRule Issue, Basically the Irule is already in place which is to allow only the IPs listed in the iRule to have ...
application delivery
iRules
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
Jul 30, 2016

Hi,

You can use the following irule to disallow access to specific urls to users : 

when HTTP_REQUEST {
  if { [string tolower [HTTP::path]] starts_with "/devicemanagement/enroll" or [string tolower [HTTP::path]] starts_with "/deviceservices/enrollment/airwatchenroll.aws" and ![class match [IP::client_addr] equals irdg-mdm-test] } {
      log local0. "[IP::client_addr] - Matched default policy: Access Denied"
      reject
      return
  }
}

This irule will allow IP addresses defined in the datagroup named irdg-mdm-test to access specified urls. Other IPs will be rejected.

Maybe, you can also change the 

reject
command to something more user friendly like 

HTTP::respond 403 content "Request Not Allowed"

Note : Pay attention that you don't have other irules, LTM policies or whatever else that bypass this irule processing.

Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
Aug 02, 2016

Hi,

 

Hi updated the irule above. Can you check that you get the logs from the irule in the /var/log/ltm logfile ?

 

Do you have some proxy or reverse proxy between F5 and the client ?