irule to allow specific url and drop everything else base on src ip

Question

Hello,&nbsp;
Need help to add some condition to work irule,&nbsp;
I have irule that deny access to uri that contains "admin" "login" and "mydb"
From all ip address except my ip&nbsp;
This the irule: (work)
when HTTP_REQUEST {&nbsp;
check the Class to determine if it's not alloweddeny access to site /admin and /login from external ip addressAllow only my ip address to connect site /admin and /login
if {[HTTP::uri] contains "admin" || [HTTP::uri] contains "login" || [HTTP::uri] contains "mydb"} {
if {not[class match [IP::client_addr] equals my_ip_Address] } {
log local0. "dropped connection my ip address[IP::client_addr]"
reject }
}
}&nbsp;
Now i need to add to this irule:
allow all to reach url site.domain.com that contains uri /xxx/yyy/zzz
and after that above url.&nbsp;
Thanks&nbsp;

jad_tabbara__j1 · Answer

Hello,
Try this 
   when HTTP_REQUEST {

if {[HTTP::uri] contains "admin" || [HTTP::uri] contains "login" || [HTTP::uri] contains "mydb"} { 
    if {not[class match [IP::client_addr] equals my_ip_Address] } { 
    log local0. "dropped connection my ip address[IP::client_addr]" 
    reject 
   } 
 }

if { !(([string tolower [HTTP::host]] eq "site.domain.com") and ([HTTP::path] starts_with "/xxx/yyy/zzz")) } {
  log local0. "rejected request [HTTP::uri] for client [IP::client_addr]"
  reject
  }
}

Forum Discussion

irule to allow specific url and drop everything else base on src ip

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Installing and Locking a Specific Version of F5 NGINX Plus

HTTP 2.0 changes everything

iRule to Force Source IP to Specific Backend Node

Unplug Everything!

Everything old is still happening - May 15th - 21st, 2023 - F5 SIRT - This Week in Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS