Forum Discussion
iRule for URL contents: drop for all and allow for some IP addresses
Hi Team, I need an iRule for the query below. We have the URLs https://call.xyz.com and https://call.xyz.com/console/. I want to block https://call.xyz.com/console/ from the whole internet and allow it for specific IPs only. Also, https://call.xyz.com should be reachable by all.
Thanks for the support.
- MTNSEA_284360
Nimbostratus
Hi Team,
Any feedback, please?
- fgf_165674
Nimbostratus
You can create a datagroup including the allowed IPs. For example, ip_allowed_datagroup
    when CLIENT_ACCEPTED {
        if { not ( [class match [IP::client_addr] equals ip_allowed_datagroup] ) } {
            reject
        }
    }
- MTNSEA_284360
Nimbostratus
Hi, I did check with this rule, but it blocked both URLs: https://call.xyz.com and https://call.xyz.com/console/.
I need to have https://call.xyz.com/console/ available for some IPs and https://call.xyz.com for the whole internet.
Can you check again?
- MTNSEA_284360
Nimbostratus
Hi, I did the testing below and it is working as per the requirement:
    when HTTP_REQUEST {
        # Only requests for the console path are subject to the IP check
        if { [string tolower [HTTP::uri]] starts_with "/console" } {
            if { not [class match [IP::client_addr] equals allowed_datagroup] } {
                HTTP::respond 404 noserver
                return
            }
        }
    }
- fgf_165674
Nimbostratus
Since the traffic is HTTPS, you must do SSL offloading in the load balancer.
    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] starts_with "/console" } {
            if { not ( [class match [IP::client_addr] equals ip_allowed_datagroup] ) } {
                reject
            } else {
                pool A
            }
        } else {
            pool B
        }
    }
- MTNSEA_284360
Nimbostratus
Thanks FGF for your support, I will check.
- JG
Cumulonimbus
You need to be careful if you are restricting access for reasons of security. Try and test the following:
    when HTTP_REQUEST {
        if { [string tolower [URI::decode [HTTP::path]]] starts_with "/console" } {
            if { not ( [class match [IP::client_addr] equals acl_datagroup] ) } {
                reject
            }
        }
    }
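A consolidated version of the rules discussed in this thread, added here as an example and not posted by any participant: it matches on the decoded, lowercased path as in the last reply, answers with a 404 as in the tested rule, and logs each denial. The data group name `console_acl_dg` and the three-pass decode bound are assumptions.

```tcl
# Added example, not code from the thread.
# Assumption: console_acl_dg is an Address-type data group that holds the
# client IPs/subnets allowed to reach the console.
when HTTP_REQUEST {
    # Match on the path only (no query string), percent-decoded and
    # lowercased, so encoded or mixed-case spellings of the path are
    # evaluated the same way as the plain one.
    set raw_path [HTTP::path]
    set path [string tolower [URI::decode $raw_path]]

    # Decode again while the value keeps changing, in case the back end
    # decodes a second time. The bound of 3 passes is an assumption;
    # matching too much is the safe direction for a deny rule.
    for { set i 0 } { $i < 3 } { incr i } {
        set next [string tolower [URI::decode $path]]
        if { $next eq $path } { break }
        set path $next
    }

    if { $path starts_with "/console" } {
        if { not [class match [IP::client_addr] equals console_acl_dg] } {
            # Record who was refused and what they asked for (raw form),
            # so denied attempts show up in /var/log/ltm.
            log local0.warning "console ACL deny: client=[IP::client_addr] host=[HTTP::host] path=$raw_path"
            HTTP::respond 404 noserver
            return
        }
    }
    # Every other path, and allowed clients on /console, fall through to
    # the virtual server's default pool.
}
```

`IP::client_addr` is the TCP peer address, so if clients reach the virtual server through a proxy or SNAT, the data group is matched against that upstream address rather than the end user's.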