iRule to restrict access on combinations of URI's / source addresses

jaikumar_f5

MVP

Aug 14, 2018

Please try the below, I assume the datagroups you referred are the IP type.

Assume you have 2 datagroups where the whitelisted IP's are present.

If Users coming from datagroup1 send requests starting with URI "/uri1/" it will allow.
If Users coming from datagroup2 send requests starting with URI "/uri2/" it will allow.

Below are the referenced datagroups that were called in the Irule.

ltm data-group internal datagroup1 {
    records {
        20.20.20.20/32 { }
    }
    type ip
}
ltm data-group internal datagroup2 {
    records {
        10.10.10.12/32 { }
    }
    type ip
}

Irule:

ltm rule test-jai-uri {
    when HTTP_REQUEST {
    if {([class match -- [IP::client_addr] equals datagroup1] && [HTTP::uri] starts_with "/uri1/") || ([class match -- [IP::client_addr] equals datagroup2] && [HTTP::uri] starts_with "/uri2/")}{
    log local0. "Success log"
    HTTP::respond 200 content {200 SUCCESS}
    } else {
    log local0. "Failure log"
    HTTP::respond 403 content {403 Unauthorized}
    }
    }
    }

A tip: you can test any case scenario by just using simple logging and http respond options to know if your irule is working or not. I tested in my env and it works.

Forum Discussion

iRule to restrict access on combinations of URI's / source addresses

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting access to a virtual server by Public IP address should access through only domain name.

CSV to Address External Datagroup File