Forum Discussion
iRule command to allow IP range to access specific URL
Hi,
We are having a project that require us to allow only set of IP ranges to access specific URL. May I know if this is possible via iRule?
I resolved the issue by using the LTM Policy instead of the iRule.
- jayson27Cirrus
I resolved the issue by using the LTM Policy instead of the iRule.
In the long run it would be easier to use irule data groups so you can adding urls and IPs without touching the irule
- Aswin_mkCumulonimbus
you can use this if you want to block any specific ip to a vip - Restricting access to a virtual server by IP subnet (f5.com)
or please let me know if its only specific to urls?
- OzzyCirrus
hello ,
yes it is possible.. here is the example..
when HTTP_REQUEST {
set srcip [IP::client_addr]
if { [HTTP::header exists "X-Forwarded-For"] } {
set srcip [HTTP::header "X-Forwarded-For"]
#log local0. "USER-SOURCE $srcip"
}
if { [HTTP::path] starts_with "/xzy" } {
switch $srcip {
"13.174.130.182" -
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable
}
}
}
}- jayson27Cirrus
Hi,
Can you tell me if below is correct?
if { [HTTP::path] starts_with "/xzy" } { <<<<<<<<< URL
switch $srcip {
"13.174.130.182" - <<<<<<<<<<<<<<<<< IPs Allowed?
"31.121.101.157" -
"35.77.107.183" {
ACCESS::disable <<<<<<<<<<<<<<<<< Action?- OzzyCirrus
hello Jayson27,
it is just an example ...
instead of ACCESS::disable .. you can user "reject" or
HTTP::respond 403 content {
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>Access denied: Your IP address does not have permission to access this resource.</p>
</body>
</html>
} Content-Type "text/html"
# ends the connection
reject
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com