Forum Discussion
mike_89584
Nimbostratus
NimbostratusiRule help
Hi I have two separate irules - one to restrict access to certain IPs and one to force basic authentication, and I now find that I need to combine the two, that is allow certain IPs to a VIP (or fold...
Hi,
haven't understand quite well your requirement. Here the new try :
when HTTP_REQUEST { if { [IP::client_addr] eq "xxx.xxx.xxx.xxx" } { pool Pool_my_pool.com } else { binary scan [md5 [HTTP::password]] H* password if { [class lookup "[HTTP::username]" local_user_dgroup] equals $password } { log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]" } else { log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]" HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\"" } } }
Yann_Desmarest
Cirrus
CirrusHi,
Try this way :
when HTTP_REQUEST {
if { [IP::client_addr] eq "xxx.xxx.xxx.xxx" } {
binary scan [md5 [HTTP::password]] H* password
if { [class lookup "[HTTP::username]" local_user_dgroup] equals $password } {
log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
pool Pool_my_pool.com
} else {
log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
}
} else {
drop
}
}
mike_89584Nimbostratus
NimbostratusHi Yann
Thanks for your idea - that is not quite what I'm after...
What I am trying to do is restrict the VIP by the basic authentication to all traffic, EXCEPT from traffic from particular IPs which would bypass the authentication entirely and be directed to the pool of my choice without the need to authenticate. I am not looking to drop requests
Many thanks