Forum Discussion
kh1
Nimbostratus
NimbostratusIrule for Host block with custom ASM violation
Dears,
I have following scenarios,
1. if Traffic from Internal user/IP --- > Allow connection
2. Traffic from internet
2.1) Block access only on Host name ( URL ), That is -----> https://XYZ.com
2.2) Allow access to URI's, Thats is ------- > https://XYZ.com/abc or https://XYZ.com/*
I tried multiple way and find some solution but its not working. Its great if some one helps here
when HTTP_REQUEST {
set reqBlock 0
if {[string tolower [HTTP::host]] eq "XYZ.Google.com" && [IP::addr [IP::client_addr] equals "10.0.0.0/8"]} {
log local0. "[IP::client_addr] triggered geo"
set reqBlock 1
}
}
when ASM_REQUEST_DONE {
if {$reqBlock == 1} {
ASM::raise VIOLATION_URL_GEOLOCATION
}
}
- JRahm
Admin
when HTTP_REQUEST priority 500 { if { ([IP::addr [IP::client_addr] equals 10.0.0.0/8]) || ([HTTP::host] == "xyz.com") } { return } else { HTTP::respond 403 content "Access Denied" } }Strictly with an iRule, this should be close to what you need to allow requests from 10/8 to any host or require host xyz.com. If you have ASM, you can configure this in the policy and you shouldn't need an iRule at all.
