Forum Discussion

DevF5_378450's avatar
DevF5_378450
Icon for Nimbostratus rankNimbostratus
Dec 04, 2018

Limit access to an uri to a group of IPs

I am new to F5 iRules. We have a need to restrict access to an uri to the limited group of IPs. We have added these IPs to a data group and referenced it in below iRule. Request is still forwarded fr...
iRules
security
wlopez_98779's avatar
wlopez_98779
Icon for Nimbostratus rankNimbostratus
Dec 04, 2018

You could do something like this:

when HTTP_REQUEST {
if { ( [string tolower [HTTP::path]] starts_with "/temp/servlet.do" ) && ( not ([class match [IP::client_addr] equals IPDataGroup]) ) } {
        HTTP::redirect "http://test.com/temp/error.aspx" 
        }
}

Just make sure you include the IP addresses or subnets in data group 'IPDataGroup' for which you want to grant access to.

You could also replace the redirect with other actions like 'reject' or 'drop'.

DevF5_378450's avatar
DevF5_378450
Icon for Nimbostratus rankNimbostratus
Dec 05, 2018

Yes, we have IP addresses in 'IPDataGroup'.

ltm data-group internal IPDataGroup {

records {
                            1.1.1.0/24 { }
                            2.2.2.0/24 { }
                            3.3.3.0/24 { }
                            4.4.4.4 { }
                            5.5.5.5 { }

}
type ip

}