Forum Discussion
DarkSideOfTheQ_
Nimbostratus
NimbostratusRestrict access based off source network
Hello All,
Sanity check...I'm trying to block access to specific pages based off the source network the client is coming from. The rest of the site should remain available to anyone. I *think...
hoolio
Cirrostratus
CirrostratusYou could add more logging to find out what's happening:
when HTTP_REQUEST {
log local0. "[IP::client_addr]:[TCP::local_port]: Request to [HTTP::uri]"
if { ([HTTP::uri] contains "Test.jsp") or ([HTTP::uri] contains "Stats.jsp") and not ([matchclass [IP::client_addr] equals $::ips_internal]) } {
log local0. "[IP::client_addr]:[TCP::local_port]: Discarding request to [HTTP::uri]"
discard
}
}
Also, as CB pointed out, you should remove the square braces around the datagroup name. That would probably trigger a runtime TCL error as you'd be trying to execute the contents of the class. If that still doesn't work, you could break up the URI and IP address checks into separate if statements with more logging.
Aaron
