netw
Apr 21, 2024

iRule for Host block with custom ASM violation

Dears,

I have the following scenarios:

1. If traffic is from an internal user/IP ---> Allow connection

2. Traffic from the internet
2.1) Block access only on the host name (URL), that is -----> https://XYZ.com
2.2) Allow access to URIs, that is -----> https://XYZ.com/abc or https://XYZ.com/*

I tried multiple ways and found some solutions, but it's not working. It would be great if someone could help here.

when HTTP_REQUEST {
    set reqBlock 0
    if {[string tolower [HTTP::host]] eq "XYZ.Google.com" && [IP::addr [IP::client_addr] equals "10.0.0.0/8"]} {
        log local0. "[IP::client_addr] triggered geo"
        set reqBlock 1
    }
}

when ASM_REQUEST_DONE {
    if {$reqBlock == 1} {
        ASM::raise VIOLATION_URL_GEOLOCATION
    }
}

1 Reply

  • when HTTP_REQUEST priority 500 {
        if { ([IP::addr [IP::client_addr] equals 10.0.0.0/8]) || ([HTTP::host] == "xyz.com") } {
            return
        } else {
            HTTP::respond 403 content "Access Denied"
        }
    }

    Strictly with an iRule, this should be close to what you need to allow requests from 10/8 to any host or require host xyz.com. If you have ASM, you can configure this in the policy and you shouldn't need an iRule at all.
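
An added example, not part of the original thread and not F5's own code: one reading of the question's requirement, in which clients outside 10.0.0.0/8 are flagged only when they request the root of xyz.com, and the flag is then raised as a user-defined ASM violation. It assumes that "host name only" means the path `/`, that `VIOLATION_URL_GEOLOCATION` (the name used in the question) exists as a user-defined violation in the ASM policy, and that iRule events are enabled on that policy.

```tcl
when HTTP_REQUEST priority 500 {
    # Reset per request: the variable lives for the whole connection,
    # so a keep-alive connection must not inherit an earlier request's flag.
    set reqBlock 0

    # Normalise the Host header before comparing: lower-case it and
    # strip an optional ":port" suffix.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # 1 when the client is inside the internal range used in the thread.
    set internal [IP::addr [IP::client_addr] equals 10.0.0.0/8]

    # Flag only external clients asking for the bare site root.
    # HTTP::path excludes the query string, so "/?x=1" is still the root.
    # Any other path (/abc, /anything) is left unflagged.
    if { !$internal && $host eq "xyz.com" && [HTTP::path] eq "/" } {
        log local0. "[IP::client_addr] requested root of $host from outside 10.0.0.0/8"
        set reqBlock 1
    }
}

when ASM_REQUEST_DONE {
    # Raise the user-defined violation (name assumed from the question);
    # the policy's settings for that violation decide alarm versus block.
    if { $reqBlock == 1 } {
        ASM::raise VIOLATION_URL_GEOLOCATION
    }
}
```

Without ASM on the virtual server, the same condition can call `HTTP::respond 403 content "Access Denied"` directly in `HTTP_REQUEST`, as the reply above does.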