Forum Discussion

Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Mar 02, 2010

Restrict Access to URI based on Source IP

I'm new on the iRule side of things so would appreciate some help.

 

 

Is it possible to restrict access to a particular URI on our public website (not the whole of the website) to a range of trusted IP addresses?

 

 

What would the iRule look like in this instance.

 

 

Thanks

 

application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 02, 2010
    Hi Dave,

     

     

    It's possible, but not effective as the URI check in an iRule can't handle the various obfuscation methods an attacker could use to bypass the validation. If you did try to normalize all the potential obfuscation techniques, you'd probably end up with a resource hog of an iRule.

     

     

    See this post for details:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3090031324

     

     

    I should note that you can normalize the URI using an app firewall like ASM or validation on the webservers themselves.

     

     

    Aaron
  • cneberg_17010's avatar
    cneberg_17010
    Icon for Nimbostratus rankNimbostratus
    Sep 19, 2012
    I get access denied when I click on the link you posted (https://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3090031324 ) how do I get access?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Sep 20, 2012
    Hi,

     

     

    Sorry, there's an access issue with the old links. Here is a working link:

     

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/42/aft/30900/showtab/groupforums/Default.aspx31324

     

     

    Aaron