For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevhed's avatar
Kevhed
Icon for Nimbostratus rankNimbostratus
Jun 05, 2017

irule allowing access from multiple subnets

Hi group,   I'm using the below irule to block access to a file called "sales_new" for everyone except if you're coming from the 10.0.0.0/8. This irule is working perfectly. But now I need to ad...
iRules
security
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jun 05, 2017

Hi,

 

Just change it to, probably not the best code around but should work:

 

when HTTP_REQUEST {
    log local0. "Client IP: [IP::client_addr]"
    log local0. "URI: [HTTP::uri]"
    if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] or [IP::addr "172.16.0.0 mask 255.240.0.0" equals [IP::client_addr]]) } {
    log local0. "dropped"
    reject
    } 
}