For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sabir_Alvi's avatar
Sabir_Alvi
Icon for Altocumulus rankAltocumulus
Nov 26, 2021

iRule to allow traffic based on certain URI and remote IP, allow all if URI doesn't match

I'm looking for an iRule that will be applied to a multitenant environment, where each client will have their own set of Authorised IPs. Our application will have a "common" URI in web requests for ...
devops
iRules
LTM
spalande's avatar
spalande
Icon for Nacreous rankNacreous
Nov 30, 2021

It's not clear from the requirement if other host (other than starbucks.net) need any IP restrictions for certain uri, but considering they don't need it, we can simplify iRule as below. It also has mapping from host name to pool in the same iRule.

 

 

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::host]] {
	  "www.abc.com"
	   {
           pool www.abc.com_443
           }  
	   "starbucks.net"
	   {
	     pool starbucks.net_443
	   } default {
          reject
      }
    }
	switch -glob [string tolower [HTTP::uri]] {
 
    "/store/coffee/mug.html"	
	 {
	    if { [string tolower [HTTP::host]] eq "starbucks.net" and ![class match [IP::client_addr] equals datagroup_whitelist]} {
	     HTTP::respond 403 content "<html code for custom error page>"
	    } else {
	     return
	    }
	 } default {
          return
      }
    }
 }