For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mark_Gallagher's avatar
Mark_Gallagher
Icon for Altocumulus rankAltocumulus
Nov 01, 2019

iRule to protect a URI pattern by subnet?

Good day, I have been trying several approaches on BIG-IP/LTM 12.1.3.7 to achieve the following goal: A VIP listens on an IP where most of the traffic is bound for web content, let's say https:...
application delivery
BIG-IP
iRules
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Nov 02, 2019

Try the following:

when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] starts_with "/admin") && not ([IP::addr [IP::client_addr] equals 192.168.0.0/16]) } {
        drop
    } else {
        pool prd-pl-company
    }
}

.

Mark_Gallagher's avatar
Mark_Gallagher
Icon for Altocumulus rankAltocumulus
Nov 04, 2019

Thanks for the input JG. I did try this (also with an exclamation point outside the parentheses) and it doesn't seem to match. I have definitely been able to get the match to work with a large list of /32 addresses, but never the /16.

This what I tried as far as what they were recommending in a KB for efficient subnet matching:

when HTTP_REQUEST {
 if {( [string tolower  [HTTP::uri]] contains "/admin") && (not[IP::addr [IP::remote_addr] equals 192.168.0.0/255.255.0.0])} { 
        HTTP::respond 503 content {