Forum Discussion
James_48517
Altostratus
AltostratusiRule to only allow certain IP addresses to a hostname
I am working on an irule that will only allow a certain set of IP addresses to talk to a specific set of hostnames. I want it to keep processing the rest of the irules in the list if it doesn't match...
okay so my original issue was my own fault. I had the address I was being NAT'd to wrong, after correcting that the original rule worked and so did this one, which is more concise thanks to Filip Mikulík.
when HTTP_REQUEST { if { ( ![class match [IP::client_addr] equals client_net]) and ([class match [string tolower [HTTP::host]] equals client_hostname])} { log local0. "Block IP [IP::client_addr]:[TCP::client_port] for Client" HTTP::respond 404 content "Sorry the requested page is blocked for your IP [IP::client_addr]:[TCP::client_port]" "Content-type" "text/html; charset=utf-8" } }OR this
when CLIENT_ACCEPTED { if { not [class match [IP::client_addr] equals client_net]} { set allowed_ip 0 } else { set allowed_ip 1 } when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] equals client_hostname]} { if {$allowed_ip==0}{ drop log local0. "Block IP [IP::client_addr]:[TCP::client_port] for Client" } } }
Filip_Mikulík_1
Cirrus
CirrusI hope that I understand your task correctly. Try
when HTTP_REQUEST {
if { ( ![class match [IP::client_addr] equals client_net] ) and ( class match [string tolower [HTTP::host]] equals client_hostname )} {
log local0. "Block IP [IP::client_addr]:[TCP::client_port] for Client"
HTTP::respond 404 content "Sorry the requested page is blocked for your IP [IP::client_addr]:[TCP::client_port]" "Content-type" "text/html; charset=utf-8"
}
}
James_48517Altostratus
AltostratusOkay, I figured out the syntax issue, it just wanted a few more brackets on the second class match, but otherwise this rule works and so does my original rule, I just had my IP address wrong when I was testing it. Thanks.