For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
Sep 16, 2009

Restrict access based off source network

Hello All, Sanity check...I'm trying to block access to specific pages based off the source network the client is coming from. The rest of the site should remain available to anyone. I *think...
application delivery
dev
devops
iRules
DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
Sep 17, 2009
Well, as you suggested earlier, breaking out the matchclass to it's own if line worked.

 

 

Sep 17 10:04:09 tmm tmm[959]: Rule secure_test : 99.99.220.62:80: Request to /templates/Test.jsp with dg: {1.1.0.0/20} {2.2.0.0/22}

 

Sep 17 10:04:09 tmm tmm[959]: Rule secure_test : 99.99.220.62:80: Matched URI check

 

Sep 17 10:04:09 tmm tmm[959]: Rule secure_test : 99.99.220.62:80: Matched IP check. Discarding request to /templates/Test.jsp

 

 

The first log line, should that log client info for ONLY members of the datagroup? It's logging client info for any request made and even mentions the dg parameter, so I'm a bit confused on that.

 

 

Sep 17 10:03:47 tmm tmm[959]: Rule secure_test : 2.60.0.104:80: Request to /resources with dg: {1.1.0.0/20} {2.2.0.0/22}

 

*2.60.x.x is a vpn range in the 2.2.0.0 office (i changed first two octets)