For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Mar 11, 2015

iRule catches /

Hi all, I'm trying to achieve the following If a client requests a uri that is listed in the data group denied_uris and the client ip is not from data group trusted_net send a 403 Here is my...

application delivery

BIG-IP Access Policy Manager (APM)

Icon for Nimbostratus rank

Nimbostratus

Mar 11, 2015

it doesn't work on my side :( I deleted all uris except one from the data group

data group

ltm data-group internal url_test {
    records {
        /geo/web { }
    }
    type string
}

the iRule

when HTTP_REQUEST {
  if { [class match [string tolower [HTTP::uri]] starts_with url_test] } {
     if { not ([class match [IP::client_addr] equals private_net])}{
     Block request
     HTTP::respond 403 content "URL Blocked"
    return
 }
}
}

I have no idea why it is not working, it's a pretty simple iRule Maybe I should open a support ticket...

Thanks Chris

Icon for Cirrocumulus rank

Cirrocumulus

Mar 11, 2015

Perhaps add some logging e.g. log local0. "Request: [HTTP::uri]" under HTTP_REQUEST

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5