For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
Sep 16, 2009

Restrict access based off source network

Hello All, Sanity check...I'm trying to block access to specific pages based off the source network the client is coming from. The rest of the site should remain available to anyone. I *think...
application delivery
dev
devops
iRules
DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
Sep 17, 2009
Now I've gone and broke things....

This works: 

  
 when HTTP_REQUEST {   
  
      if { [HTTP::uri] contains "Test.jsp" or [HTTP::uri] contains "Stats.jsp" }{  
  
            if {not [matchclass [IP::client_addr] equals $::ips_internal]} {  
  
            log local0. "[IP::client_addr]:[TCP::local_port]: Matched IP check. Discarding request to [HTTP::uri]" 
            discard 
         }  
      }   
 }

In anticipation of them adding more pages they want secured, I tried the '-glob' mechanism, but the GUI tells me "line 5: [missing an expression] [ ]" but not sure what's missing??? 

  
 when HTTP_REQUEST {    
 switch -glob [HTTP::uri] {   
 "Test.jsp" -  
 "Stats.jsp"  
 if {not [matchclass [IP::client_addr] equals $::ips_internal]} {   
 log local0. "[IP::client_addr]:[TCP::local_port]: Matched IP check. Discarding request to [HTTP::uri]"  
 discard  
 }   
 }    
 }

Help is appreciated, my irule kung-fu isn't so strong. 🙂

-DarkSide