Forum Discussion
iRule block access to url list with data groups
Hello.
You don't need to use static variables.
Try this ->
when CLIENT_ACCEPTED {
    if { not [class match [IP::client_addr] equals ALLOWED_IP_LIST] } {
        drop
    }
}
when HTTP_REQUEST {
    if { [class match [HTTP::uri] starts_with RESTRICTED_URL_LIST] } {
        drop
    }
}
KR.
Dario.
Hi Dario,
Thanks for the help. I have a comment here: if I use the posted iRule, it will block external users for all URLs, and it will block all users from accessing RESTRICTED_URL_LIST.
The requirement is:
Block external users from accessing RESTRICTED_URL_LIST and allow them to access anything else.
Internal users should have access to RESTRICTED_URL_LIST and to anything else.
I believe if we can add an "and" condition like below, it will achieve the requirement:
if { not [class match [IP::client_addr] equals ALLOWED_IP_LIST] } and if { [class match [HTTP::uri] starts_with RESTRICTED_URL_LIST] } then drop
- Dario_Garrido, Jul 31, 2019
Noctilucent
Then you can use some code like this ->
when HTTP_REQUEST {
    if { not [class match [IP::client_addr] equals ALLOWED_IP_LIST] and [class match [HTTP::uri] starts_with RESTRICTED_URL_LIST] } {
        drop
    }
}
You can also implement this using policies, which are more efficient than iRules. I share with you some doc:
BTW, if my answer was helpful, please don't forget to mark my answer as "the best" or give me an upvote.
KR,
Dario.
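A variant of the combined rule from the answer above, added here as an example (it is not code from the thread). It matches on a canonical form of the path and logs each denied request. It assumes the thread's two data groups, with RESTRICTED_URL_LIST holding lower-case path prefixes:

```tcl
# Added example, not from the thread. Assumed data groups (names from the thread):
#   ALLOWED_IP_LIST      type address, internal client networks
#   RESTRICTED_URL_LIST  type string, path prefixes stored in lower case
when HTTP_REQUEST {
    # Internal clients are never restricted, so skip the URL lookup for them.
    if { [class match [IP::client_addr] equals ALLOWED_IP_LIST] } {
        return
    }

    # class match on strings is case-sensitive and HTTP::uri is the raw
    # request target including the query string. Compare a canonical form
    # instead: path only, percent-decoded, lower-cased.
    set path [string tolower [URI::decode [HTTP::path]]]

    if { [class match -- $path starts_with RESTRICTED_URL_LIST] } {
        # Keep a record of the denial so blocked requests can be reviewed.
        log local0.notice "Denied [IP::client_addr] -> [HTTP::host][HTTP::uri]"
        # Same action as the thread's iRule.
        drop
        return
    }
}
```

The allow/deny outcome for each client and URL combination is the same as the single `not ... and ...` condition in the answer; only the string being compared and the logging differ.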