Forum Discussion

BMeyering_10972's avatar
BMeyering_10972
Icon for Nimbostratus rankNimbostratus
Aug 14, 2012

irule to block file types from extenal client IP

Hi,We are attempting to create a irule to block external users from downloading sharepoint files.     Extenal user are connecting via external F5 v11.1 running APM/LTM. Access policy connects...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Aug 14, 2012
Can you try this? 


when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals x.x.x.166] and [string tolower [HTTP::host]] contains "devintdocs" } {
switch -glob [URI::decode [string tolower [HTTP::path]]] {
"*.xls" -
"*.xlsx" -
"*.doc" -
"*.docx" -
"*.ppt" -
"*.pptx" }{
HTTP::respond 200 content {
Apology Page
We are sorry, but the document you are attempting to access is restricted by Corporate Policy. 
If you feel you have reached this page in error, please contact your supervisor.
}
}
} else {
switch [HTTP::host] {
"devintportal" { pool sharepoint_devint_Pool1 }
"devintmy" { pool sharepoint_devint_Pool2 }
"devintdocs" { pool sharepoint_devint_Pool3 }
"devintteams" { pool sharepoint_devint_Pool4 }
"partners" { pool sharepoint_devint_Pool5 }
}
}
}

You might also want to add a check to see if the host is null or an IP address to the first check. Also make sure to add a OneConnect profile to the virtual server as you're selecting a pool in some cases but not all.

Aaron