IPs filtering

Question

Hello (still newbie)&nbsp;
I have a rule that limits the access to /alfresco to a range of IP addresses. The access is limited to servers and IY users.&nbsp;
The pb is that I need to authorize the access to a particular URL = dav://MYHOST/alfresco/webdav/* for all end-users. Is there a way the except the requests to dav: ?&nbsp;
when HTTP_REQUEST {
 if { ([HTTP::uri] starts_with "/alfresco") }
    {
      Check if the client IP is not part of the datagroup hosts/networks
                if { not ([matchclass [IP::client_addr] equals allowed_clients_alfresco]) }{
 Log dropped requests
log local0. "Invalid client IP: [IP::client_addr] - discarding"
 drop the request
discard
                HTTP::redirect "/erreur/403.php"
}
    }
}&nbsp;
Thanks
Guillaume&nbsp;

nitass · Answer

Is there a way the except the requests to dav: ?&nbsp;

you can check uri. when it matches, exit from the event using return command.&nbsp;
return&nbsp;
https://devcentral.f5.com/wiki/iRules.return.ashx&nbsp;

vola_144433 · Answer

Thanks ! is something like could work ?&nbsp;
if { (string tolower [HTTP::uri] starts_with "/alfresco") and not ([string tolower [HTTP::uri]] starts_with "/alfresco/webdav") }&nbsp;

nitass · Answer

this is just one of examples.
when HTTP_REQUEST { 
  if { [HTTP::uri] starts_with "/alfresco/webdav" } {
    return
  }

if { ([HTTP::uri] starts_with "/alfresco") } { 
     Check if the client IP is not part of the datagroup hosts/networks 
    if { not ([matchclass [IP::client_addr] equals allowed_clients_alfresco]) } { 
       Log dropped requests 
      log local0. "Invalid client IP: [IP::client_addr] - discarding" 
       drop the request 
      discard 
      HTTP::redirect "/erreur/403.php" 
    } 
  } 
}

vola_144433 · Answer

Thanks. Is there a way to do the same using the HTTP Header of the request ?&nbsp;
Is there a way to detect the dav:// protocol ?&nbsp;
G.&nbsp;

nitass · Answer

Is there a way to do the same using the HTTP Header of the request ?&nbsp;

you may try HTTP::header.&nbsp;
HTTP::header&nbsp;
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx&nbsp;

Is there a way to detect the dav:// protocol ?&nbsp;

are these helpful?&nbsp;
sol13285: Support for WebDAV in a BIG-IP LTM HTTP profile (11.x)&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13285&nbsp;
Disabling HTTP Processing For Unrecognized HTTP Methods by Deb&nbsp;
https://devcentral.f5.com/wiki/iRules.DisablingHTTPProcessingForUnrecognizedHTTPMethods.ashx&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

IPs filtering

5 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Automating Certificate Management on F5 BIG-IP

What's new in BIG-IP v21.0?

F5 BIG-IP Multi-Site Dashboard

Introducing the F5 AI Assistant for BIG-IP

Filtering traffic based on client ip address and URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS