F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Simon_Lodge's avatar
Simon_Lodge
Icon for Nimbostratus rankNimbostratus
Jul 27, 2016

iRule to restrict public users to a specific service URI, whilst allowing internal users to access anything they like (along with

Hi All,   First post, and i'm a relative newbie when it comes to iRules, so any assistance would be much appreciated.   I have a single VS that accepts connections from both public customers an...
application delivery
iRules
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Jul 27, 2016

Untested, but the logic should work. Apply that iRule to your TCP/443 VS (test in QA first).

when HTTP_REQUEST {
  if { not ([HTTP::path] eq "/SelfService" ) and not ([class match [IP::client_addr]] eq private_net ) }{
    HTTP::respond 302 noserver Location "https://[HTTP::host]/SelfService" Connection Close
  }
}

To enforce the explicity use of HTTPS, just apply a HTTPS redirect iRule to your VS that's listening on TCP/80 port. You can use _sys_https_redirect (one of the default iRules). If you don't have a dedicated TCP/80 VS yet, I recommend to create one so that you have two Virtual Servers with the same IP, but with a different port number.

  • Simon_Lodge's avatar
    Simon_Lodge
    Icon for Nimbostratus rankNimbostratus
    Jul 27, 2016

    Fantastic,

     

    And thanks for such a quick response! I'll test with the client and update the thread with the results.