iRule for public IP access to specific section of my URL
I will need someone to validate this iRule for me, please.
Request: allow only a public IP or subnet access to a section of my URL: https://xxx.xxx.com/xxx/*
Many recommendations welcome.
After adding the ALLOW_x.x.x.x to the Data Group List:
when HTTP_REQUEST {
    if {[HTTP::uri] eq "https://xxx.xxx.com/xxx/*"} {
        if {![class match [IP::client_addr] equals ALLOW_x.x.x.x]} {
            HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
            TCP::close
        }
    }
}
- KerryCirrus
The reset traffic probably kills the TCP connections before the redirect happens. It is not needed; things don't happen in the order listed. The "?" on the URL makes no sense to me, and I think the wrong slash is in the redirect as well. Using "start with" also means it can be removed. The "aspx" also could be, as long as there is no other "logon" on the site. In the VS status you can see which rules are being hit. I tend to use "host, host is ... and http path is ...". Don't forget to use a web browser session (or new private window) on each test. iRules and policies are matched when the TCP starts, and web browsers keep it open well, so any changes will not be seen. You need to drop to raw TCL if the query string needs to be passed, i.e. tcl:/querytest2.html\?[HTTP::query]
- zamroni777Nacreous
You can use a local traffic policy instead of iRules for better performance and manageability.
There is no http respond, but you can use http response redirect or tcp reset.
- COf5Nimbostratus
- KerryCirrus
HTTP::uri only matches the path, i.e. /xxx/..., depending on if you need the query string or not, if you are using http::url or HTTP::path.
HTTP::host to match the host name, xxx.xxx.com
if {[HTTP::host] eq "xxx.xxx.com"} {
    if {[HTTP::uri] starts_with "/xxx/"} {
search f5 irules http::url
search f5 irules http::host
search f5 irules if conditions
Web browsers are hard to kick out once connected. No real need for the TCP close.
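
Added example, not part of any post in this thread: a complete iRule that combines the host and path checks suggested above with the data group test from the question. It assumes ALLOW_x.x.x.x is an Address-type data group; the host and path normalization and the log line go beyond what the replies describe.

```tcl
# Added example, not from the thread.
# Assumptions: ALLOW_x.x.x.x is an Address-type data group holding the
# permitted public IPs/subnets; xxx.xxx.com and /xxx/ are the placeholders
# used in the question.
when HTTP_REQUEST {
    # HTTP::host can carry a port ("xxx.xxx.com:443") and mixed case,
    # so strip the port and lowercase before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string. Decode and lowercase it so that
    # "/XXX/" and percent-encoded spellings are evaluated by the same rule.
    set path [string tolower [URI::decode [HTTP::path]]]

    if { $host eq "xxx.xxx.com" && $path starts_with "/xxx/" } {
        # With an Address-type data group, "equals" is true when the client
        # address falls inside any listed host or subnet entry.
        if { ![class match [IP::client_addr] equals ALLOW_x.x.x.x] } {
            # Record the denial so blocked sources can be reviewed in /var/log/ltm.
            log local0.notice "Denied [IP::client_addr] for $host[HTTP::uri]"
            # "Connection Close" ends the session after the 403; no TCP::close needed.
            HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
            return
        }
    }
}
```

When testing, open a new private browser window for each attempt, since an already open connection can mask a rule change.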