Forum Discussion
NimbostratusNeed assitance creating an iRule to inclusively restrict access to a URL
We have an application that has multiple portals with client access controlled at the application layer. We would like to segment our population based on internet vs intranet. I'd like to restrict access to the internet portal only. If a user having access to multiple portals login from the internet, they should only see the menu for that particular portal.
Ex. URL... ...
Ex. iRule...
when HTTP_REQUEST { if {([HTTP::uri] eq "/")|| [HTTP::uri] eq ""} { set login_url [class match -value -- [HTTP::host] starts_with site_login] if {$login_url ne ""} { HTTP::redirect $login_url } elseif {[HTTP::uri] contains "/nodename/"} { Do nothing return } else { reject } } } }
This code is an attempt to redirect the client to the login page if a uri is not specified using a data group list. If a uri is specified, it checks that the client is always using the the specified nodename in the uri. If they aren't, reject their access. I'm trying to prevent a client/user from being able to change the uri to point to another portal and gain access from the internet.
The issue with this iRule is that the images live in the sitename directory on the web server (WebLogic). The path to these images do not include the nodename, therefore pages are not rendering correctly.
How do I inclusively restrict access to the portal and allow client access to all images in the sitename directory sitting on the web server(s)?
Thanks in advance...
1 Reply
SnlCirrostratus
use this a sample irule
1)Create Data group list as allowed-host and added the IP x.x.x.x/32
2) created below irule and called the data group list allowed-host
use string as equal or contain based on uri requirement
Code when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] ends_with "/web/svc.html" ) } { if { not ( [class match [IP::client_addr] equals allowed-host] ) } { reject } } }
