For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bbensten_8485's avatar
bbensten_8485
Icon for Nimbostratus rankNimbostratus
Feb 26, 2014

Irule to inspect URI and then validate client is in allowed ip range?

Hello,   We are tying to write a simple Irule that will inspect uri to match a string and if that specific string matches, check that the client is coming from an allowed IP address range. We hav...
application delivery
BIG-IQ
deployment
devops
iRules
LTM
security
bbensten_8485's avatar
bbensten_8485
Icon for Nimbostratus rankNimbostratus
Feb 26, 2014

Kevin,

 

Thanks for your help. We modified that Irule with specifics as follows:

 

when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] equals "/OpenAM/UI/Login?module=DataStore" ) and not ( [IP::addr [IP::client_addr] equals "173.0.0.0/8"] ) } { reject } }

 

This does not reject still for some reason. Any idea what we are missing?

 

bbensten_8485's avatar
bbensten_8485
Icon for Nimbostratus rankNimbostratus
Feb 26, 2014
I am sure the irule is being called because if I use the following, it works every time: when CLIENT_ACCEPTED { if { ! [IP::addr [IP::client_addr] equals 173.79.131.23/24] } { log local0. "Blocking [IP::client_addr]" reject } }