Forum Discussion

Nimbostratus

Sep 16, 2009

Restrict access based off source network

Hello All, Sanity check...I'm trying to block access to specific pages based off the source network the client is coming from. The rest of the site should remain available to anyone. I *think...

Cirrostratus

Sep 17, 2009

This line was just for debugging of all requests:

     log local0. "[IP::client_addr]:[TCP::local_port]: Request to [HTTP::uri] with dg: $::ips_internal"

If you want to use a switch statement you can use something like this:

 
 when HTTP_REQUEST { 
    switch -glob [HTTP::uri] { 
       "*Test.jsp*" - 
       "*Stats.jsp*" { 
          if {not [matchclass [IP::client_addr] equals $::ips_internal]} { 
             log local0. "[IP::client_addr]:[TCP::local_port]: Matched IP check. Discarding request to [HTTP::uri]" 
             discard 
          } 
       } 
    } 
 }

Note the use of the asterisks for wildcard (glob) matching.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Restrict access based off source network

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Irule for restricting access

Office 365 Tenant Restrictions

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Disable/Block access to Network Map

What is Multi-Cloud Networking?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS