For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jokragly's avatar
jokragly
Icon for Nimbostratus rankNimbostratus
May 17, 2016

iRule with ASM URL filtering

I have a website that the developers would like to have one particular /path available for internal access but deny for external users. The trick is that we use ASM URL Filtering. I can certainly r...
application delivery
ASM Advanced WAF
iRules
security
Charles_Rosenbe's avatar
Charles_Rosenbe
Historic F5 Account
May 17, 2016

If your private network has a single congruent subnet source (10.0.0.0/8), you could limit access using Source Mask on the virtual server. You could create a virtual server with the same settings as the existing one, but give it a source mask of the private network. This new virtual server could have a policy that allowed access to the URL while the other virtual server would handle all other source addresses. The virtual server that handles all other traffic could have a slightly different policy that just denied access to that URL in question. This way you can still reuse the existing IP address for the virtual servers, but have different virtual servers depending on the source address. With different virtual servers, you can have different ASM policies which have different restrictions.