Forum Discussion

Nimbostratus

Dec 04, 2018

Limit access to an uri to a group of IPs

I am new to F5 iRules. We have a need to restrict access to an uri to the limited group of IPs. We have added these IPs to a data group and referenced it in below iRule. Request is still forwarded fr...

iRules

security

wlopez_98779

Nimbostratus

You could do something like this:

when HTTP_REQUEST {
if { ( [string tolower [HTTP::path]] starts_with "/temp/servlet.do" ) && ( not ([class match [IP::client_addr] equals IPDataGroup]) ) } {
        HTTP::redirect "http://test.com/temp/error.aspx" 
        }
}

Just make sure you include the IP addresses or subnets in data group 'IPDataGroup' for which you want to grant access to.

You could also replace the redirect with other actions like 'reject' or 'drop'.

DevF5_378450

Nimbostratus

Dec 05, 2018

Yes, we have IP addresses in 'IPDataGroup'.

ltm data-group internal IPDataGroup {

records {
                            1.1.1.0/24 { }
                            2.2.2.0/24 { }
                            3.3.3.0/24 { }
                            4.4.4.4 { }
                            5.5.5.5 { }

}
type ip

}

Forum Discussion

Limit access to an uri to a group of IPs

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

How to limit some snmp mib access

Certified Kubernetes Administrator - Study Group

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Rate Limiting based on ACCESS TOKEN (OAuth 2.0)

GTM synchronization group