iRule help to restrict access to particular URI on vserver

Question

I've been asked to restrict access to a site's "/admin" page to only the networks/IPs used by support techs. I was thinking a redirect to the primary site ("mysite.com" for the example) for such traffic would work fine, using an irule to do it.&nbsp;
Basically... When an HTTPS request containing "mysite.com/admin" comes in, and it's NOT coming from 175.100.50.0 OR 200.20.10.18 (example IPs, btw), then redirect to ";&nbsp;
Can any of the iRule senseis help me?&nbsp;
Thanks!&nbsp;

jaikumar_f5 · Answer

Hey Alan,
Try this, make sure you create a Datagroup of admin_ips and add your require subnets in there, you can change the operator "starts_with" to something else (equals/contains) to match your requirements in future.
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/admin" and (![class match [IP::remote_addr] equals admin_ips]) } { 
        HTTP::redirect "https://mysite.com"
    }   
}

snl · Answer

ensure to add stringtolower to avoid case sensitive bypass
when HTTP_REQUEST {
    if { [string tolower [HTTP::uri] starts_with "/admin" and (![class match [IP::remote_addr] equals admin_ips]) } { 
        HTTP::redirect "https://mysite.com"
    }   
}

Forum Discussion

iRule help to restrict access to particular URI on vserver

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

python f5-vserver-tool

Big-IP Reporting? Vserver traffic stats, etc.?

F5 iRule Geolocation restriction

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS