For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jim_Sellers_106's avatar
Jim_Sellers_106
Icon for Nimbostratus rankNimbostratus
Oct 03, 2011

Path Based ACL Irule

 

Here is the scenario

 

 

 

 

I have 9 IP addresses that I want to allow to the following path but allow access to any other URL/URI on the server.

 

 

 

Lets just say 1.1.1.1 through 1.1.1.9

 

 

/npcaccounts/ManageAccount.aspx

 

/npcaccounts/ManageVendor.aspx

 

 

 

I have a few idea's in mind... creating a class for the sources and then creating a class for the paths. Any suggestions or help would be much appreciated.

 

 

 

 

 

 

 

 

 

 

application delivery
dev
devops
iRules

12 Replies

Show More
  • Jim_Sellers_473's avatar
    Jim_Sellers_473
    Icon for Nimbostratus rankNimbostratus
    Oct 13, 2011
    Well I am just trying only give access to a datagroup of IP addresses to a couple Admin type URL's and block any IP's that are not in the datagroup that try to access lets say /customer/ems*
  • Jim_Sellers_473's avatar
    Jim_Sellers_473
    Icon for Nimbostratus rankNimbostratus
    Oct 13, 2011
    Here is the current method I am trying big thanks for Bhattman!!

     

     

    ACL_EMSECOMMER_PROD is the datagroup I have setup with some IP addresses that need to be able to access /customers/ems*

     

     

    when HTTP_REQUEST {

     

    switch -glob [string tolower [HTTP::uri]] {

     

    "/customers/ems/*"

     

    {

     

    if { not [class match [IP::client_addr] equals ACL_EMSECOMMERCE_PROD ] } {

     

    discard

     

    }

     

    }

     

    }

     

    }