Forum Discussion
CirrusiRule command to allow IP range to access specific URL
Hi,
We are having a project that require us to allow only set of IP ranges to access specific URL. May I know if this is possible via iRule?
I resolved the issue by using the LTM Policy instead of the iRule.
11 Replies
Ozzyhello ,
yes it is possible.. here is the example..
when HTTP_REQUEST {
set srcip [IP::client_addr]
if { [HTTP::header exists "X-Forwarded-For"] } {
set srcip [HTTP::header "X-Forwarded-For"]
#log local0. "USER-SOURCE $srcip"
}
if { [HTTP::path] starts_with "/xzy" } {
switch $srcip {
"13.174.130.182" -
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable
}
}
}
}
jayson27Hi,
Can you tell me if below is correct?
if { [HTTP::path] starts_with "/xzy" } { <<<<<<<<< URL
switch $srcip {
"13.174.130.182" - <<<<<<<<<<<<<<<<< IPs Allowed?
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable <<<<<<<<<<<<<<<<< Action?- Ozzy
hello Jayson27,
it is just an example ...
instead of ACCESS::disable .. you can user "reject" or
HTTP::respond 403 content {
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>Access denied: Your IP address does not have permission to access this resource.</p>
</body>
</html>
} Content-Type "text/html"
# ends the connection
reject
}
- Aswin_mk
MVP
you can use this if you want to block any specific ip to a vip - Restricting access to a virtual server by IP subnet (f5.com)
or please let me know if its only specific to urls?
- Injeyan_Kostas
Cumulonimbus
In the long run it would be easier to use irule data groups so you can adding urls and IPs without touching the irule
- jayson27
I resolved the issue by using the LTM Policy instead of the iRule.
