For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Seckin_149390's avatar
Seckin_149390
Icon for Nimbostratus rankNimbostratus
Sep 09, 2016

Irule for Uri and Client IP address.

Hi all,   I want to write irule to check according to both uri and client ip address and here is my test irule ;   when HTTP_REQUEST { if { ([HTTP::uri] contains "/eqwebservice") and ([class ma...
application delivery
LTM
Seckin_149390's avatar
Seckin_149390
Icon for Nimbostratus rankNimbostratus
Sep 19, 2016

Hi,

 

First of all, thanks for you swift response. Third line in the irule, if it is not match with the related datagroup must be dropped. So that, this line must be written like this, please correct me if i am wrong ;

 

if { $httpUri starts_with "/eqwebservice" && $clientIp not equals "" }

 

There is also one thing you should care about it, if the Uri is different from /eqwebservice must be forward to the pool without a problem. For example ;

 

www.test.com/abc ( this uri must be forward to the pool )

 

Can your irule do this ?

 

Best Regards,

 

  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    Sep 19, 2016

    Yessir.

     

  • Seckin_149390's avatar
    Seckin_149390
    Icon for Nimbostratus rankNimbostratus
    Sep 20, 2016

    Hi Thanks,

     

    I wrote a irule like this and it seems that ok now ;

     

    when HTTP_REQUEST { set HttpUri [HTTP::uri] set ClientIp [class match -value [IP::client_addr] equals allowed_ip_addresses] if { ([HTTP::uri] starts_with "/eqwebservice") && (![class match [IP::client_addr] equals allowed_ip_addresses]) } { log local0. "Invalid client IP : [IP::client_addr] ==> TCP connection will be dropped...!!!" drop

     

    } else { log local0. "Valid client IP or http uri: [IP::client_addr] ==> forwarding traffic..." pool web1_pool } }