Forum Discussion
jayson27
Cirrus
CirrusiRule command to allow IP range to access specific URL
Hi, We are having a project that require us to allow only set of IP ranges to access specific URL. May I know if this is possible via iRule?
I resolved the issue by using the LTM Policy instead of the iRule.
OzzyCirrus
Cirrushello ,
yes it is possible.. here is the example..
when HTTP_REQUEST {
set srcip [IP::client_addr]
if { [HTTP::header exists "X-Forwarded-For"] } {
set srcip [HTTP::header "X-Forwarded-For"]
#log local0. "USER-SOURCE $srcip"
}
if { [HTTP::path] starts_with "/xzy" } {
switch $srcip {
"13.174.130.182" -
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable
}
}
}
}
jayson27Hi,
Can you tell me if below is correct?
if { [HTTP::path] starts_with "/xzy" } { <<<<<<<<< URL
switch $srcip {
"13.174.130.182" - <<<<<<<<<<<<<<<<< IPs Allowed?
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable <<<<<<<<<<<<<<<<< Action?- Ozzy
hello Jayson27,
it is just an example ...
instead of ACCESS::disable .. you can user "reject" or
HTTP::respond 403 content {
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>Access denied: Your IP address does not have permission to access this resource.</p>
</body>
</html>
} Content-Type "text/html"
# ends the connection
reject
}- jayson27
Hi,
the iRule config will be like this? Where can i include the allowed IP?
when HTTP_REQUEST {
set srcip [IP::client_addr]
if { [HTTP::header exists "X-Forwarded-For"] } {
set srcip [HTTP::header "X-Forwarded-For"]
#log local0. "USER-SOURCE $srcip"
}
if { [HTTP::path] starts_with "/bo/login/" } {
switch $srcip {
"13.174.130.182"
"31.121.101.157"
"35.77.107.183"{ HTTP::respond 403 content {
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>Access denied: Your IP address does not have permission to access this resource.</p>
</body>
</html>
} Content-Type "text/html"
# ends the connection
reject
}
}
}
}
}