F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
Feb 01, 2007

Need some opinions on iRule

Basically, I am trying to allow a few URI's to be accessible by the Internet when trying to hit a particular Pool, but all other URI's to be dropped unless the source IP of the client is coming from...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Feb 06, 2007
Well, you can't nest events like that. You have to postpone the decision of connection management until the URI is seen, and then you will have to simply discard the request.

For testing just those 2 IP subnets, try this:

when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    /feedserver/login* { pool fc.acmehosting.com }
    /feedserver/logout* { pool fc.acmehosting.com }
    /feedserver/getdata* { pool fc.acmehosting.com }
    /feedserver/setdata* { pool fc.acmehosting.com }
    /feedserver/stateChange* { pool fc.acmehosting.com }
    /feedserver/proxyRequest* { pool fc.acmehosting.com }
    default {
      if {[IP::addr [IP::client_addr] equals 200.3.81.0/24] or \
       [IP::addr [IP::client_addr] equals 10.0.0.0/8]}{
         pool fc.acmehosting.com 
      } else {
        discard
      }
    }
  }
}

This will allow all connections to the first 6 URIs, and only connections from those 2 IP subnets to other URIs.

/deb