
Kevhed
Jun 05, 2017

irule allowing access from multiple subnets

Hi group,

 

I'm using the below irule to block access to a file called "sales_new" for everyone except if you're coming from the 10.0.0.0/8. This irule is working perfectly. But now I need to add the 172.16.0.0/12 subnet to the irule...so I would be allowing access from 10.0.0.0/8 and 172.16.0.0/12. Having troubles adding the other 172.16.0.0 subnet to the irule. Since I'm not the best irule coder yet...any suggestions? Thanks in advance

 

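    when HTTP_REQUEST {
        # Log the client address and requested URI for every request
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        # Reject requests for /Sales_New unless the client is in 10.0.0.0/8
        if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] ) } {
            log local0. "dropped"
            reject
        }
    }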

 

1 Reply

  • Hi,

     

    Just change it to, probably not the best code around but should work:

     

    when HTTP_REQUEST {
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] or [IP::addr "172.16.0.0 mask 255.240.0.0" equals [IP::client_addr]]) } {
            log local0. "dropped"
            reject
        }
    }
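
An alternative to chaining `or` clauses, shown here as an added example that is not part of the original thread: keep the allowed subnets in an address-type data group and test membership with `class match`, so further subnets can be added without editing the iRule. The data group name `sales_allowed_nets` is a hypothetical name, and lowercasing the URI before the comparison is an addition, so the rule does not depend on the casing of the request.

```tcl
# Added example, not code from the thread.
# Assumes an address-type data group named sales_allowed_nets (hypothetical
# name) has been created on the BIG-IP with these records:
#   10.0.0.0/8
#   172.16.0.0/12
when HTTP_REQUEST {
    # Normalise case once so "/Sales_New", "/sales_new", etc. are treated alike
    set uri_lc [string tolower [HTTP::uri]]

    if { $uri_lc contains "/sales_new" } {
        # class match against an address-type data group performs a
        # subnet-aware comparison of the client address
        if { not [class match [IP::client_addr] equals sales_allowed_nets] } {
            # Log who was denied and what they asked for, then reset the connection
            log local0. "dropped [IP::client_addr] requesting [HTTP::uri]"
            reject
        }
    }
}
```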