For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mark_Burchard_5's avatar
Mark_Burchard_5
Icon for Nimbostratus rankNimbostratus
Mar 21, 2006

iRule to limit access to webserver directory by client IP

Hi all,     First time posting here, and you'll probably laugh and shake your heads at this simple problem, but hopefully I'll learn. I have searched for similar iRules and can't seem to find t...
application delivery
dev
devops
iRules
Derek_Nelson_10's avatar
Derek_Nelson_10
Icon for Nimbostratus rankNimbostratus
May 18, 2006
Hi.

 

 

Also note a pitfall that I discovered when trying to do similar to this...

 

 

If you are using an oneconnect profile, be aware that it is possible for the source ip address to be translated BEFORE the iRule processes the client source (by design of oneconnect).

 

 

For example if you want to allow access to the 10. /8 network make sure your oneconnect profile has a 8-bit mask or more, rather than the default of 0-bit mask. Otherwise it is possible for connections to the /Example page will be re-directed if they are piggy-backed into an existing idle connection to that virtual server from a host with a different source ip address range.

 

 

e.g. if host 1.2.3.4 connects to /index.html, the connection goes idle, and then host 10.1.2.3 connects to /Example and one-connect re-uses the connection, the source ip address of the 10.1.2.3 client will be changed to 1.2.3.4 and your iRule will re-direct them...

 

 

Cheers,

 

- Derek.