IPs filtering

Question

Hello (still newbie)&nbsp;
I have a rule that limits the access to /alfresco to a range of IP addresses. The access is limited to servers and IY users.&nbsp;
The pb is that I need to authorize the access to a particular URL = dav://MYHOST/alfresco/webdav/* for all end-users. Is there a way the except the requests to dav: ?&nbsp;
when HTTP_REQUEST {
 if { ([HTTP::uri] starts_with "/alfresco") }
    {
      Check if the client IP is not part of the datagroup hosts/networks
                if { not ([matchclass [IP::client_addr] equals allowed_clients_alfresco]) }{
 Log dropped requests
log local0. "Invalid client IP: [IP::client_addr] - discarding"
 drop the request
discard
                HTTP::redirect "/erreur/403.php"
}
    }
}&nbsp;
Thanks
Guillaume&nbsp;

nitass · Answer

Is there a way the except the requests to dav: ?&nbsp;

you can check uri. when it matches, exit from the event using return command.&nbsp;
return&nbsp;
https://devcentral.f5.com/wiki/iRules.return.ashx&nbsp;

vola_144433 · Answer

Thanks ! is something like could work ?&nbsp;
if { (string tolower [HTTP::uri] starts_with "/alfresco") and not ([string tolower [HTTP::uri]] starts_with "/alfresco/webdav") }&nbsp;

nitass · Answer

this is just one of examples.
when HTTP_REQUEST { 
  if { [HTTP::uri] starts_with "/alfresco/webdav" } {
    return
  }

if { ([HTTP::uri] starts_with "/alfresco") } { 
     Check if the client IP is not part of the datagroup hosts/networks 
    if { not ([matchclass [IP::client_addr] equals allowed_clients_alfresco]) } { 
       Log dropped requests 
      log local0. "Invalid client IP: [IP::client_addr] - discarding" 
       drop the request 
      discard 
      HTTP::redirect "/erreur/403.php" 
    } 
  } 
}

vola_144433 · Answer

Thanks. Is there a way to do the same using the HTTP Header of the request ?&nbsp;
Is there a way to detect the dav:// protocol ?&nbsp;
G.&nbsp;

nitass · Answer

Is there a way to do the same using the HTTP Header of the request ?&nbsp;

you may try HTTP::header.&nbsp;
HTTP::header&nbsp;
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx&nbsp;

Is there a way to detect the dav:// protocol ?&nbsp;

are these helpful?&nbsp;
sol13285: Support for WebDAV in a BIG-IP LTM HTTP profile (11.x)&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13285&nbsp;
Disabling HTTP Processing For Unrecognized HTTP Methods by Deb&nbsp;
https://devcentral.f5.com/wiki/iRules.DisablingHTTPProcessingForUnrecognizedHTTPMethods.ashx&nbsp;

Forum Discussion

IPs filtering

5 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Share what you learned on DevCentral in 2025

Failing over Virtual F5 VE to DR location using Zerto

Related Content

Automating Certificate Management on F5 BIG-IP

F5 BIG-IP Multi-Site Dashboard

What's new in BIG-IP v21.0?

Introducing the F5 AI Assistant for BIG-IP

BIG-IP security hardening and compliance checks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS