Hi Le Phuong Binh,
This are my suggestions, there are many other ways to do this and even more efficient ways than what I am showing you here, but this way may be the easiest to initially understand and then you can go for efficiency later.
Create two pools and split your servers into those pools to make load balancing between the servers sets possible (attempting to do this in an iRule is possible but would require insane overhead).
a.Pool 1: pool.admin.server.set.1 (Server1 and Server2)
b.Pool 2: pool.admin.server.set.2 (Server3 and Server 4)
The first portion of this iRule handles the access to "/admin". It verifies that the client IP Address is within the proper subnet (10.10.10.240/28). If you are attempting to access the "/admin" portion of the site and the client IP Address is NOT in that subnet range it will redirect the user back to the base website.
The second if statement does a compare on the the more restricted subnet (10.10.10.241/28). If the client IP Address is in that range they will be directed to the pool with Server 1 and 2. If they do not qualify for the first subnet compare then I am assuming that they are in the second and routing them to the pool with Server 3 and Server 4. If you want to add in an additional subnet compare you can, but you will need to then handle what happens if they do not qualify for either subnet (drop the traffic redirect them, etc.).
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] starts_with "/admin" and [IP::addr [IP::client_addr] equals 10.10.10.240/28] } {
pool pool.admin.server.set.1
}
else {
If they are not in the allowed subnet 10.10.10.240/28 redirect them to homepage.
You can drop the traffic or whatever else you wish.
HTTP::redirect "http://[getfield [HTTP::host] ":" 1]"
}
if { [IP::addr [IP::client_addr] equals 10.10.10.241/28] } {
pool pool.admin.server.set.1
}
else {
pool pool.admin.server.set.2
}
}