Forum Discussion
iRule to selectively allow limited access by client IP
I have an application which is internet accessible but the application team has asked me to limit access to specific URIs based upon client ip. I just cannot seem to get the logic right.
I am using the default data group private_net and a second string data group called allowed-uri-list which lists the allowed URIs for Internet users.
when HTTP_REQUEST {
if { {[class match [IP::client_addr] eq private_net ]} } {
# allow access
} elseif {
{[class match [HTTP::uri] equals allowed-uri-list ]}} {
#allow access
} else { HTTP::respond 404 }
}
I keep getting http errors for no response and the tcl engine doesn't like my first if.
What am I doing wrong?
Hi Jim_Bo,
Can you try this?
when HTTP_REQUEST { if { [class match [IP::client_addr] equals private_net] } { # allow access } elseif { [class match [HTTP::uri] equals allowed-uri-list] } { # allow access } else { HTTP::respond 404 content "404 Not Found" } }
or
when HTTP_REQUEST { if { not ([class match [IP::client_addr] equals private_net] || [class match [HTTP::uri] equals allowed-uri-list]) } { HTTP::respond 404 content "404 Not Found" } }
- Jim_BoNimbostratus
Actually after the app team provided the correct app name/vip address, using LTM Traffic Policy made this quick and easy. thanks for your response. My original policy wasn't working because they had me apply and test on a very similar but incorrect VIP.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com