irule allowing access from multiple subnets

Question

Hi group,&nbsp;
I'm using the below irule to block access to a file called "sales_new" for everyone except if you're coming from the 10.0.0.0/8.  This irule is working perfectly.  But now I need to add the 172.16.0.0/12 subnet to the irule...so I would be allowing access from 10.0.0.0/8 and 172.16.0.0/12.  Having troubles adding the other 172.16.0.0 subnet to the irule.  Since I'm not the best irule coder yet...any suggestions?  Thanks in advance&nbsp;
when HTTP_REQUEST {
                log local0. "Client IP: [IP::client_addr]"
                log local0. "URI: [HTTP::uri]"
                if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] ) } {
                                log local0. "dropped"
                                reject
                }            &nbsp;
}&nbsp;

dragonflymr · Answer

Hi,&nbsp;Just change it to, probably not the best code around but should work:&nbsp;when HTTP_REQUEST {
    log local0. "Client IP: [IP::client_addr]"
    log local0. "URI: [HTTP::uri]"
    if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] or [IP::addr "172.16.0.0 mask 255.240.0.0" equals [IP::client_addr]]) } {
    log local0. "dropped"
    reject
    } 
}

Forum Discussion

irule allowing access from multiple subnets

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

Using Client Subnet in DNS Requests

Implementing Client Subnet DNS Requests

Implementing Client Subnet in DNS Requests

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS