Restrict Access to a URL with a iRule

Question

Hi all,i have a web server and would like to restrict the access to the server. The access should only work if the request contains "/spa" or the the IP machtes the IPs in the data group. Unfortunately the iRule doesn't work. I am allays getting a HTTP 403. Does someone sees a error in the iRule or have some experience with restricting the access by IP and URL path?when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] contains "/spa" or [class match [IP::client_addr] equals allowIP]} {
pool web-server001
&nbsp;
} else {
HTTP::respond 403
}
}THX!

jg · Answer

You might want to put in some logging to help troubleshooting, e.g.

log local0. "[HTTP::uri] ; [IP::client_addr]"

in the conditional to see where the incoming request gets.

Also, you should enable OneConnect if you have not done so.

dan44 · Answer

hii have enabled the login.  with help of the logs we find out that the "client_addr" was always the interface IP of the firewall. the problem was that on the firewall (NAT enabled). After disabling NAT on the FW the rule worked.

jg · Answer

Good to hear you have got the problem sorted.

kai_nguyen · Answer

hi Dan,  so is this irule working for web server behind dmz? do you mind explaining about the NAT enabled part on the FW ? do you have to modify the irule at the end?&nbsp;ThanksKai&nbsp;&nbsp;

Forum Discussion

Restrict Access to a URL with a iRule

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Restrict access to virtual server during specified time

iRule - Restricting IP addresses for a portion of URI

Restrict access to VS by ip & time

How to access an LTM Policy variable from an iRule ?

iRule to Restrict access based on JSON Parameter Value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS