For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JamesB12's avatar
JamesB12
Icon for Altocumulus rankAltocumulus
Nov 25, 2022

Need iRule to block the traffic for specific URL

Hello Can somebody help on this please?   I have LTM appliance & Virtual server 'https://www100.test.com' hosted. The requirement I have is to block all the traffic destinated to one of the appli...
f5
irule
LTM
security
URL Blocking
JamesB12's avatar
JamesB12
Icon for Altocumulus rankAltocumulus
Nov 25, 2022

Thanks for that , Should be OK with sending 

HTTP::respond 403

If i need to filter specific Source IPs say from Whitelist1 Data group allow it, block rest of it for the same URL  "www100.test.com/ce". How do i match the condition with the below iRule.

 

when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {
HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body><html>" "Content-Type" "text/html"
}

 

Thanks

ScottE's avatar
ScottE
Icon for MVP rankMVP
Nov 25, 2022

JamesB12 

Sounds like the piece you are looking for is a class match for the whitelist.

when HTTP_REQUEST {
if { [string tolower "[HTTP::host][HTTP::path]"] starts_with "www100.test.com/ce" } then {

    if { [class match [IP::client_addr] equals Whitelist1] } {
        log local0.info "TESTCE: Acceptable usage from [IP::remote_addr]"

    } else {
        HTTP::respond 403 content "<html><body><h1>Access Denied</h1></body><html>" "Content-Type" "text/html"

       return
   }

}

You can also have a pool selection with the log statement if the traffic goes to a specific pool.  You can also just negate the "if" condition if you only want to action if the IP is not in the whitelist.

Scott