Forum Discussion
Nimbostratuslimit access from source 192.168.1.1 to single URL and permit all others
Dears,
I'm trying to write an irule that limit access from source 192.168.1.1 to single url : else permit to all.When applying the below on VS its not working anymore. it should be when http_request or when_client_accepted ?
when HTTP_REQUEST { if { !([HTTP::uri] equals "; and [IP::client_addr] equals "192.168.1.1/32" ) } { reject }
}
14 Replies
aboulleill_3013Dear Daniel,
find below logs :
Jan 24 16:05:24 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : URI: /cvs/chn.website.cvs.Account_1.0?wsdl Jan 24 16:05:24 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : IP: 192.168.100.201%10
Jan 24 16:07:09 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : URI: /OmegaIntegration/proxy/BankMedOmegaIntegrationWS?wsdl Jan 24 16:07:09 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : IP: 192.168.100.201%10
Best Regards, Ralph El Habr
Daniel_VarelaEmployee
If you are using route domains then you have to add the route domain id at the end of the IP like:
[IP::client_addr] equals "192.168.100.201%10"
Can you test this?
Lee_SutcliffeNacreous
I would just change the logic to 'contains' to get around the route domain issue. Makes the iRule more portable for other VIPs in different route domains
eg
[IP::client_addr] contains "192.168.100.201"- aboulleill_3013
Thank you Daniel yes im using route domains and this was the problem. MrPlastic I used contains instead of % and its working now :)
thank you for your support.
