Forum Discussion
iRule to block URL by IP addresses in Network Firewall Address List
We are currently using an iRule to drop HTTP/HTTPS connections to Exchange (anything but OWA) using an iRule and a white list of IP addresses. We recently added an Office 365 connector, and now the white list is being updated monthly with adds/drops for IPs and ranges. Is it possible to create a list of IP addresses in the Network Firewall Address List, then reference that list in an iRule? I'm currently using a text file for the white list that I currently use "modify ltm data-group internal...." to modify. Or is there a way to use the Network Firewall to create a rule to allow /owa but block /ews and /rpc based on the white list?
2 Replies
- Jinshu
Cirrus
Not that I'm aware of. AFM and iRules are separate.
Datagroups are the best way to use the list in iRules and you are already using it.
-Jinshu
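The data-group approach from the reply above, written out as an iRule. This is an added example, not code posted in the thread; the data group name `exchange_whitelist` (an address-type internal data group) and the log message format are assumptions.

```tcl
# Added example (not from the thread).
# Assumes an address-type internal data group named exchange_whitelist
# (hypothetical name) that holds the allowed hosts and CIDR ranges and is
# maintained with "modify ltm data-group internal ...".
when HTTP_REQUEST {
    # Decode and lowercase the path so /EWS, /ews and percent-encoded
    # variants are all compared in the same form.
    set path [string tolower [URI::decode [HTTP::path]]]

    # OWA is open to everyone. Match "/owa" exactly or anything under
    # "/owa/", so a sibling path such as "/owa-something" is not treated
    # as OWA. A path containing ".." is never treated as OWA, because the
    # server may resolve it to a different application.
    set is_owa 0
    if { ($path eq "/owa" || $path starts_with "/owa/") &&
         !([string match "*..*" $path]) } {
        set is_owa 1
    }

    if { $is_owa } {
        return
    }

    # Everything else (/ews, /rpc, ...) requires a whitelisted source.
    # class match against an address data group handles both single
    # hosts and network ranges.
    if { !([class match [IP::client_addr] equals exchange_whitelist]) } {
        log local0.notice "Exchange block: [IP::client_addr] -> [HTTP::host]$path"
        drop
        return
    }
}
```

Because the iRule only reads the data group by name, the monthly Office 365 adds and drops stay a data-group change and the iRule itself does not need editing.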
- arpydays
Nimbostratus
You can use ACL::action to provide a level of iRule interaction with AFM and change AFM ACL actions based on iRule logic. So you may be able to have an AFM rule to drop certain traffic but override that if, for example, the source matched a whitelist checked from an iRule.
https://devcentral.f5.com/wiki/irules.acl__action.ashx