Forum Discussion

Nimbostratus

Feb 02, 2007

Need some opinions on iRule

Basically, I am trying to allow a few URI's to be accessible by the Internet when trying to hit a particular Pool, but all other URI's to be dropped unless the source IP of the client is coming from...

Historic F5 Account

Feb 06, 2007

Well, you can't nest events like that. You have to postpone the decision of connection management until the URI is seen, and then you will have to simply discard the request.

For testing just those 2 IP subnets, try this:


when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    /feedserver/login* { pool fc.acmehosting.com }
    /feedserver/logout* { pool fc.acmehosting.com }
    /feedserver/getdata* { pool fc.acmehosting.com }
    /feedserver/setdata* { pool fc.acmehosting.com }
    /feedserver/stateChange* { pool fc.acmehosting.com }
    /feedserver/proxyRequest* { pool fc.acmehosting.com }
    default {
      if {[IP::addr [IP::client_addr] equals 200.3.81.0/24] or \
       [IP::addr [IP::client_addr] equals 10.0.0.0/8]}{
         pool fc.acmehosting.com 
      } else {
        discard
      }
    }
  }
}

This will allow all connections to the first 6 URIs, and only connections from those 2 IP subnets to other URIs.

/deb

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)