Forum Discussion

Nimbostratus

Dec 16, 2015

reject public IP to url allow internal IPs

have a site that needs to reject public access to /abc (allowing internal IPs) but allow public/private access to /abc1 started out with this irule to reject /abc but then realized that /abc1 needs...

MVP

Dec 17, 2015

Hi Jace,

iRules evalutes your conditions in a first-match order.

So either make sure you'll use a collision free conditions set by using "equals" operators (as Stephan already recommended), or evaluate the most restrictiv "starts_with" condition first and the continue to evaluate the less restrictive "starts_with" condition (see snippet below).

when HTTP_REQUEST {
    set low_uri [string tolower [HTTP::uri]]
    if { $low_uri starts_with "/abc1" } then {
         Allow the request
    } elseif { ( $low_uri starts_with "/abc" ) and not ( [class match [IP::client_addr] equals private_net] ) } then {
        reject
    }
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

reject public IP to url allow internal IPs

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Automate F5OS license activation using ansible

AS3 Storage

f5 client certificate forwarding

How to configure pool to go down if multiple members are down

Terraform LTM provider - ICMP disabled on resulting VIPs

Related Content

Enriching AFM with public domain Threat Intelligence

F5 High Availability - Public Cloud Guidance

Public Cloud Simplified with F5 NGINXaaS for Azure

SSLO in public cloud: Azure inbound L3 use case

GTM Monitors internal LTM, but I need Public IP as Answer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS