Forum Discussion
Nimbostratusirule to permit url by external host,
Need to write an irule that will permit two public IP's to specific uri, but still allow all other access to site. For example... Public facing access to VIP" 10.1.1.100 (https://mysite.com) But if you are public wanting to go to https://mysite.com/books and your comming from 55.66.77.88 or 66.77.88.99 then its ok. Otherwise you go to https://mysite.com
11 Replies
This is a short replacement for a URI ACL. This iRule has one iRule Data Group List which contains the URI in question with a value of the allowed IP Addresses. So each listed URI can have predefined number of IP Addresses allowed.
when HTTP_REQUEST { if { [class match [string tolower [HTTP::path]] starts_with URL_paths] } { set ip_access_datagroup [class match -value [string tolower [HTTP::path]] starts_with URL_paths] log local0. " filter $ip_access_datagroup" if { ![class match [IP::client_addr] equals $ip_access_datagroup]} { log local0. " IP Adress deny" HTTP::redirect "https://mysite.com" } return } }- Kevin_Stewart
Employee
With a single URI and two IPs, it might be just as easy to do it all in the iRule:
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] starts_with "/books" ) and not ( ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or ( [IP::addr [IP::client_addr] equals "66.77.88.99" )) { HTTP::redirect "https://[HTTP::host]/" } } 
Gill_32697Ok, Kevin I like your rule, but im getting a error missing bracket in line 1 & 2. I've run it through iRule editor but can find where or what bracket is missing.
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] starts_with "/books" ) and not ( ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or ( [IP::addr [IP::client_addr] equals "66.77.88.99" )) { HTTP::redirect "https://[HTTP::host]/" } }
- Kevin_Stewart
It is missing a closing square bracket directly after "66.77.88.99".
- Gill_32697
still getting error, ive tried various variations. but still getting errir in irule editor.
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] starts_with "/books" ) and not ( ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or ( [IP::addr [IP::client_addr] equals "66.77.88.99"] )) { HTTP::redirect "https://[HTTP::host]/" } }
- Gill_32697
still getting missing bracket. I can't figure out where bracket it's missing.
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] starts_with "/books" ) and not ( ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or ( [IP::addr
[IP::client_addr] equals "66.77.88.99"] or ( [IP::addr [IP::client_addr]
equals "77.88.99.10"])) { HTTP::redirect "https://[HTTP::host]/" } } - Kevin_Stewart
Still a few typos. Please try this slightly different version:
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] starts_with "/books" ) } { if { not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or not ( [IP::addr [IP::client_addr] equals "66.77.88.99"] or not ( [IP::addr [IP::client_addr] equals "77.88.99.10"] ) } { HTTP::redirect "https://[HTTP::host]/" } } } - Gill_32697
Kevin, I appreciate you help with this irule. Gives error below..
Line 3: [parse error: PARSE syntax 281 {syntax error in expression " not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) o...": looking for close parenthesis}] [{ not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or not ( [IP::addr [IP::client_addr] equals "66.77.88.99"] or not ( [IP::addr [IP::client_addr] equals "77.88.99.10"1�2V}]
- Gill_32697
Kevin, I appreciate you help with this irule. Gives error below.. Also FYI, this ltm is located on a DMZ, the client IP are external from the Internet..would it even show up?
Line 3: [parse error: PARSE syntax 281 {syntax error in expression " not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) o...": looking for close parenthesis}] [{ not ( [IP::addr [IP::client_addr] equals "55.66.77.88"] ) or not ( [IP::addr [IP::client_addr] equals "66.77.88.99"] or not ( [IP::addr [IP::client_addr] equals "77.88.99.10"1�2V}]
- Gill_32697
Kevin, I Got working. Thank you.
