Forum Discussion

edel1826_339422
Nov 01, 2017

iRule - Restricting IP addresses for a portion of URI

This iRule was originally meant to allow only the IP addresses within the specified Data Group when visiting a URI containing "/DEVCENTRAL". Every other IP not in the Data Group would get a 403 - Forbidden (this part of the script isn't included).

Now, I need to allow access to "/DEVCENTRAL/SITE/TEST" from ALL IPs, while still restricting access to the "/DEVCENTRAL" portion of the URI via Data Group. Is this possible? If so, how can I best accomplish this?

Full URL example: https://www.abc.com/DEVCENTRAL/SITE/TEST

when HTTP_REQUEST {
    # If the URI is the one we are protecting with the white list
    if { [HTTP::uri] contains "/DEVCENTRAL" } {
        if { [class match [IP::client_addr] equals dg_iplimit_DEVCENTRAL] } {
            # Do nothing if we are in the white list, thus picking the Data Group specified above
        } else {
            # 403 - Forbidden response (this part of the script isn't included in the post)
        }
    }
}

  • So basically you need to allow access to all URIs containing the word "devcentral" from specific IPs only, unless "/devcentral/site/test", in which case access should be allowed to all IPs.

    I think there are a few ways. One possibility is:

    A :: the URI contains "devcentral"
    B :: the URI is different from "/devcentral/site/test"
    C :: the client IP does not match the IP list

    if [(A && B) && C] {
        403 deny access
    }
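
The A/B/C logic from the reply written out as an iRule, added here as an example and not code posted in the thread. It assumes the Data Group name from the question and that the trailing-slash form counts as the same public page; the checks run on the decoded, lower-cased path so the restricted area is matched broadly while the public exception is matched exactly.

```tcl
when HTTP_REQUEST {
    # Compare against the path only (no query string), with percent-escapes
    # decoded and letters lower-cased, so every spelling of the same path
    # takes the same branch.
    set path [string tolower [URI::decode [HTTP::path]]]

    # A: the request falls inside the restricted area.
    #    A broad "contains" is acceptable here because over-matching only
    #    sends more requests through the IP check (it fails closed).
    if { $path contains "/devcentral" } {

        # B: the request is NOT the one page that is open to everyone.
        #    The public exception is an exact comparison, never "contains",
        #    so only this one path skips the IP check.
        #    Assumption: the trailing-slash form is the same page.
        if { $path ne "/devcentral/site/test" && $path ne "/devcentral/site/test/" } {

            # C: the client address is not in the allow-list Data Group.
            if { ![class match [IP::client_addr] equals dg_iplimit_DEVCENTRAL] } {
                HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
                return
            }
        }
    }
}
```

If pages below "/devcentral/site/test/" must also be public, widen condition B deliberately (for example with an explicit list of paths) rather than switching it to a substring match.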

     
