Forum Discussion
Gerald_Meese
Aug 14, 2018 · Cirrus
iRule to restrict access on combinations of URI's / source addresses
Hello!
I'm having problems writing an iRule that would allow access only to:
- URI starting with /uri1/... only from datagroup1
- URI starting with /uri2/... only from datagroup2
All other co...
jaikumar_f5
Aug 14, 2018 · MVP
Please try the below. I assume the datagroups you referred to are of the IP type.
Assume you have 2 datagroups where the whitelisted IPs are present.
- If users coming from datagroup1 send requests starting with URI "/uri1/", they will be allowed.
- If users coming from datagroup2 send requests starting with URI "/uri2/", they will be allowed.
Below are the datagroups referenced in the iRule.
    ltm data-group internal datagroup1 {
        records {
            20.20.20.20/32 { }
        }
        type ip
    }
    ltm data-group internal datagroup2 {
        records {
            10.10.10.12/32 { }
        }
        type ip
    }
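iRule:

    ltm rule test-jai-uri {
        when HTTP_REQUEST {
            # Allow only the two permitted (source data group, URI prefix) pairs.
            if { ([class match -- [IP::client_addr] equals datagroup1] && [HTTP::uri] starts_with "/uri1/") || ([class match -- [IP::client_addr] equals datagroup2] && [HTTP::uri] starts_with "/uri2/") } {
                log local0. "Success log"
                # Test response sent by the BIG-IP itself, to show the match worked.
                HTTP::respond 200 content {200 SUCCESS}
            } else {
                # Any other combination of source address and URI is refused.
                log local0. "Failure log"
                HTTP::respond 403 content {403 Unauthorized}
            }
        }
    }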
A tip: you can test any scenario by just using simple logging and HTTP respond options to know whether your iRule is working or not. I tested in my env and it works.
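A variant of the rule above for use once testing is done, added here as an example and not part of the original answer: allowed requests are passed on to the pool instead of being answered with a test 200, and the prefix check is done on the lower-cased path so that "/URI1/" is treated like "/uri1/". It assumes the data groups datagroup1 and datagroup2 from the thread and a virtual server with a default pool; the variable names are illustrative.

```tcl
# Added example, not the poster's rule. Assumes the IP-type data groups
# datagroup1 and datagroup2 shown above and a default pool on the virtual server.
when HTTP_REQUEST {
    # Match on the path only (query string excluded), lower-cased so a
    # different letter case cannot sidestep the prefix check.
    set path [string tolower [HTTP::path]]

    # Map each protected prefix to the data group allowed to reach it.
    switch -glob -- $path {
        "/uri1/*" { set allowed_dg datagroup1 }
        "/uri2/*" { set allowed_dg datagroup2 }
        default   { set allowed_dg "" }
    }

    if { $allowed_dg ne "" && [class match -- [IP::client_addr] equals $allowed_dg] } {
        # Permitted combination: no HTTP::respond, so the request continues
        # to the virtual server's default pool.
        return
    }

    # Everything else is refused, with the source address and path logged.
    log local0. "Denied [IP::client_addr] for [HTTP::path]"
    HTTP::respond 403 content {403 Forbidden}
}
```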