For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rouanon_150376's avatar
rouanon_150376
Icon for Nimbostratus rankNimbostratus
Apr 14, 2015

iRule Datagroup not equal

Dear all,

I'd like to do the following : a public address cannot access the /admin interface of a web server. Here's what I have so far :

when HTTP_REQUEST {
if { [class match [IP::remote_addr] not private_net] and [HTTP::uri] equals "/admin" } {
drop

}
}

Obviously this iRule doesn't pass the syntax check because "not" isn't accepted in this case, the bigip is waiting for either "contains" or "end_with" etc.

Now what is the best way to do this considering I need to keep my [HTTP::uri] equals "/admin" condition ?

Many thanks.

application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
LTM
security

2 Replies

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Apr 14, 2015

    Try this:

    when HTTP_REQUEST {
   if { (![class match [IP::remote_addr] eq private_net]) and [HTTP::uri] equals "/admin" } {
      drop
   }  
}