irule to block URL to specific source IP

Question

I'm trying to block all URLs except "/cvs/chn.website.cvs.Account_1.0?wsdl" to source IP address 192.168.100.201.But until now 192.168.100.201 is still able to access other URLs like if the irule doesn't exists (trying below two irules codes): &nbsp;
https://prodfmw-osb.bm.com.lb/OmegaIntegration/proxy/BankMedOmegaIntegrationWS?wsdl (still opening not a normal behavior)&nbsp;
https://prodfmw-osb.bm.com.lb/cvs/chn.website.cvs.Account_1.0?wsdl (still opening its normal)&nbsp;
irule 1 :
when HTTP_REQUEST {
if {[IP::client_addr] equals "192.168.100.201" }{
        if {[string tolower [HTTP::uri]] ne "/cvs/chn.website.cvs.account_1.0?wsdl" } {
            drop
    }
}
}&nbsp;
irule 2 :
when HTTP_REQUEST { 
    if { ([HTTP::uri] ne "prodfmw-osb.bm.com.lb/cvs/chn.website.cvs.Account_1.0?wsdl") 
    and ([IP::client_addr] equals "192.168.100.201")} { 
        reject 
    }
}&nbsp;

lee_sutcliffe · Answer

I've amended your first iRule to log at various stages of execution. 
Please could you try the rule and post your log entries. 
when HTTP_REQUEST { 
    log local0. "CLIENT IP: [IP::client_addr] URI: [HTTP::uri]"
    if {[IP::client_addr] equals "192.168.100.201"}{ 
        log local0. "FIRST IF"
        if {[string tolower [HTTP::uri]] ne "/cvs/chn.website.cvs.account_1.0?wsdl"} { 
            log local0. "SECOND IF"
            drop 
        } 
    } 
}

Forum Discussion

irule to block URL to specific source IP

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

iRule to Force Source IP to Specific Backend Node

Installing and Locking a Specific Version of F5 NGINX Plus

The Power of Source Address

Hey DeepSeek, can you write iRules?

Disabling Specific Weak Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS