Forum Discussion
CirrusiRule command to allow IP range to access specific URL
Hi,
We are having a project that require us to allow only set of IP ranges to access specific URL. May I know if this is possible via iRule?
I resolved the issue by using the LTM Policy instead of the iRule.
11 Replies
OzzyCirrostratus
hello ,
yes it is possible.. here is the example..
when HTTP_REQUEST {
set srcip [IP::client_addr]
if { [HTTP::header exists "X-Forwarded-For"] } {
set srcip [HTTP::header "X-Forwarded-For"]
#log local0. "USER-SOURCE $srcip"
}
if { [HTTP::path] starts_with "/xzy" } {
switch $srcip {
"13.174.130.182" -
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable
}
}
}
}
jayson27Hi,
Can you tell me if below is correct?
if { [HTTP::path] starts_with "/xzy" } { <<<<<<<<< URL
switch $srcip {
"13.174.130.182" - <<<<<<<<<<<<<<<<< IPs Allowed?
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable <<<<<<<<<<<<<<<<< Action?- Ozzy
hello Jayson27,
it is just an example ...
instead of ACCESS::disable .. you can user "reject" or
HTTP::respond 403 content {
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>Access denied: Your IP address does not have permission to access this resource.</p>
</body>
</html>
} Content-Type "text/html"
# ends the connection
reject
}
- Aswin_mk
MVP
you can use this if you want to block any specific ip to a vip - Restricting access to a virtual server by IP subnet (f5.com)
or please let me know if its only specific to urls?
In the long run it would be easier to use irule data groups so you can adding urls and IPs without touching the irule
- jayson27
I resolved the issue by using the LTM Policy instead of the iRule.
