Forum Discussion

Nick_Mattern_67's avatar
Nick_Mattern_67
Icon for Nimbostratus rankNimbostratus
Apr 15, 2010

Redirect URL based on IP

I've looked at a lot of information on this forum but nothing seems to meet my need exactly and I'm guessing it's something horribly obvious I'm missing.

 

 

I want to restrict access to a URL based on source address. Basically, if someone hits www.domain.com/admin/login.php, and if it's not in the 10.10.10.x or 10.10.11.x networks, it gets redirected to www.domain.com/

 

 

I'd post what I have in the irule now, but it's such a cluster I'm not sure it'd be handy. Anyone point me in the right direction of an irule that will help me accomplish this?

 

1 Reply

  • James_Quinby_46's avatar
    James_Quinby_46
    Historic F5 Account
    Howdy. This seems to work pretty well, though I have no doubt that if there's a more efficient way to do it, someone will step in and reveal it:

     
    when HTTP_REQUEST {
    log local0. "URI requested: [HTTP::uri]"
    
    if { [HTTP::uri] equals "/admin/login.php"} {
    
    log local0. "We have a URI match!"
    if {[matchclass [IP::client_addr] equals $::good_networks] }{
    
    log local0. "[IP::client_addr] is good! Access to [HTTP::uri] granted"
    
    } else {
    
    log local0. "[IP::client_addr] is not so good! Redirect issued!"
    HTTP::redirect "http://www.google.com"
    
    }
    }
    }
    
    

    Comment out the log lines and switch the redirect to something more appropriate. Also, this rule makes use of an external data class, which you can create with the F5 iRule editor. In /config/bigip.conf, mine looks like this:

    
    class good_networks {
       {
           network 10.10.10.0/24
           network 192.168.1.0/24
        }
    }