Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Sabir_Alvi's avatar
Sabir_Alvi
Icon for Altocumulus rankAltocumulus
4 years ago

iRule to allow traffic based on certain URI and remote IP, allow all if URI doesn't match

I'm looking for an iRule that will be applied to a multitenant environment, where each client will have their own set of Authorised IPs. Our application will have a "common" URI in web requests for ...
devops
irules
LTM
spalande's avatar
spalande
Icon for Nacreous rankNacreous
4 years ago

It's not clear from the requirement if other host (other than starbucks.net) need any IP restrictions for certain uri, but considering they don't need it, we can simplify iRule as below. It also has mapping from host name to pool in the same iRule.

 

 

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::host]] {
	  "www.abc.com"
	   {
           pool www.abc.com_443
           }  
	   "starbucks.net"
	   {
	     pool starbucks.net_443
	   } default {
          reject
      }
    }
	switch -glob [string tolower [HTTP::uri]] {
 
    "/store/coffee/mug.html"	
	 {
	    if { [string tolower [HTTP::host]] eq "starbucks.net" and ![class match [IP::client_addr] equals datagroup_whitelist]} {
	     HTTP::respond 403 content "<html code for custom error page>"
	    } else {
	     return
	    }
	 } default {
          return
      }
    }
 }