Kenny_Van_73892
Dec 07, 2006

Need some help to direct http based-on IP and uri

I got a challenge here and if anyone knows something, please help me out on this.

I got a secure website that I need to use iRules to direct traffic from 2 clients' IP addresses: 172.10.10.3 and 192.168.20.15. Let's say the website https://www.view.com/access/.... includes these URIs: /consoleview, /helpview, and /secureview. All the users who come from 172.10.10.3 can access all URIs or pages, but users who come from 192.168.20.15 can only access /consoleview and /helpview, but not /secureview. If I could separate www.view.com into 2 separate pools on BIG-IP then that would be much easier for me to direct traffic based on IP, but here I have only 1 single pool (pool1) for the entire site. My BIG-IP is running version 4.6.4.

Can I use iRules to direct traffic based on the above requirement? So far I just came up with this.

    if (client_addr == 172.10.10.3 or 192.168.20.15) {
        if (http_uri contains "/access") {
            use pool pool1
        }
        else {
            discard
        }
    }
    else {
        discard
    }

Thanks in advance.
  • I think I got a solution, but haven't tested it yet. If anyone has a better idea, please let me know. Thanks.

    if (client_addr == 172.10.10.3 or 192.168.20.15) {
        if (http_uri contains "/access") {
            if (client_addr == 192.168.20.15 and http_uri contains "/secureview") {
                discard
            }
            else {
                use pool pool1
            }
        }
        else {
            discard
        }
    }
    else {
        discard
    }

  • Martin_Machacek
    Historic F5 Account
    It should work (after minor syntactic cleanup). It can be streamlined somewhat:

    
    class allowed {
       host 172.10.10.3
       host 192.168.20.15
    }
    rule access {
       if (client_addr equals one of allowed and http_uri starts_with "/access")  {
         if (client_addr == 192.168.20.15 and http_uri contains "/secureview")   
         {
           discard
         }
         else {
           use pool pool1
         }
       } else {
         discard
       }
    }

    Using the class and the "one of" operator is especially useful if there are many addresses to test against. In your case it does not make much difference.
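
Added example, not part of the thread and not F5 code: a Python model of the rule posted above next to a default-deny variant that forwards only the pages listed for each client, so the two can be checked against the stated requirement before anything is loaded on the BIG-IP. It assumes each page is the path segment directly under /access/; `thread_rule`, `allowlist_rule`, `compare` and the sample requests are constructed for this illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

FULL, LIMITED = "172.10.10.3", "192.168.20.15"   # addresses from the thread
# Assumption: each page is the path segment directly under /access/.
PAGES = {
    FULL: {"consoleview", "helpview", "secureview"},
    LIMITED: {"consoleview", "helpview"},
}

def thread_rule(client_addr, uri):
    """Model of the posted rule: block one page for one client, forward the rest."""
    if client_addr in PAGES and uri.startswith("/access"):
        if client_addr == LIMITED and "/secureview" in uri:
            return "discard"
        return "pool1"
    return "discard"

def allowlist_rule(client_addr, uri):
    """Default-deny variant: forward only pages listed for this client."""
    # Decide on the decoded, dot-segment-free path, without the query string.
    path = posixpath.normpath(unquote(urlsplit(uri).path))
    parts = path.strip("/").split("/")
    allowed = PAGES.get(client_addr, set())
    if len(parts) >= 2 and parts[0] == "access" and parts[1] in allowed:
        return "pool1"
    return "discard"

# Constructed requests; /access/reportview stands for a page added after the rule was written.
CASES = [
    (FULL, "/access/secureview"),
    (LIMITED, "/access/helpview?tab=1"),
    (LIMITED, "/access/secureview"),
    (LIMITED, "/access/reportview"),
    (LIMITED, "/accessories"),
    ("10.0.0.9", "/access/consoleview"),
]

def compare(cases=CASES):
    """Return (client, uri, thread_rule result, allowlist_rule result) per case."""
    return [(c, u, thread_rule(c, u), allowlist_rule(c, u)) for c, u in cases]

if __name__ == "__main__":
    for client, uri, posted, strict in compare():
        print(f"{client:15} {uri:26} posted={posted:8} allowlist={strict}")
```

The two models agree on the three pages named in the question and differ only on paths the question never listed, which the posted rule forwards to pool1 and the allowlist variant discards.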