Forum Discussion

ccraddock_33000's avatar
ccraddock_33000
Icon for Nimbostratus rankNimbostratus
Feb 22, 2018

iRule assistance

I have an iRule in my environment that was not written by me. This iRule is supposed to block anyone from an external IP from reaching the "heartbeat" page of our web servers. It is written as such: ...
BIG-IP
iRules
security
Dan_Bowman's avatar
Dan_Bowman
Icon for Cirrus rankCirrus
Feb 22, 2018

! is shorthand for "not", so yes any IP not in your datagroup will be blocked

For the extra page I'd consider using starts_with as it's more efficient than contains, and since you're doing a string tolower maybe set the lowercase path as a variable.

Something like this should do it

when HTTP_REQUEST { 
    set lcpath [string tolower [HTTP::path]]

    if { ($lcpath starts_with "/heartbeat") or ($lcpath starts_with "/health") } { 
    if { !([matchclass [IP::client_addr] equals private_net])} { 
     discard 
        }
     }
   }