Forum Discussion
NimbostratusiRule for IP Whitelist on specific URL
Sure an iRule for that isn't hard. The question is how will you get the whitelist on the BIGIP. If you use data groups you can update a whitelist directly in the GUI, but is that an interface you want to use for this. You can also use external data groups which are a file on the BIG-IP. This can be pushed/pulled from other sources and then loaded on the BIG-IP. If you have privatewhitelist address data group defined on the BIG-IP this would do the job.
when HTTP_REQUEST { if {[HTTP::uri] eq "/private"} { if {![class match [IP::client_address] equals privatelwhitelist]} { HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close TCP::close } } }
NacreousSure an iRule for that isn't hard. The question is how will you get the whitelist on the BIGIP. If you use data groups you can update a whitelist directly in the GUI, but is that an interface you want to use for this. You can also use external data groups which are a file on the BIG-IP. This can be pushed/pulled from other sources and then loaded on the BIG-IP. If you have privatewhitelist address data group defined on the BIG-IP this would do the job.
when HTTP_REQUEST {
if {[HTTP::uri] eq "/private"} {
if {![class match [IP::client_address] equals privatelwhitelist]} {
HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
TCP::close
}
}
}
NimbostratusHi Kevin,
Thanks for this. An internal data group for this would be fine as the list is going to be fairly static. I have defined my Data Group but I'm getting an error on the iRule as follows.
01070151:3: [undefined procedure: IP::client_address][IP::client_address]
Any ideas what I did wrong here? It looks like my data group has not been recognised by the irule
