Forum Discussion

bsm1970's avatar
bsm1970
Icon for Nimbostratus rankNimbostratus
Sep 09, 2019

Restrict access to virtual server during specified time

I'm wondering if there is a way in the F5 to restrict access to a virtual server during certain hours. For instance, if I wanted to only allow access during work hours (say, from 7am to 6pm on weekdays) and deny access outside of that timeframe. How would I go about this?

application delivery
ASM Advanced WAF
LTM
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Sep 10, 2019

    try this:

    when RULE_INIT {
    array set static::timerange {
        Sunday {"07:00" "18:00"}
        Monday {"07:00" "18:00"}
        Tuesday {"07:00" "18:00"}
        Wednesday {"07:00" "18:00"}
        Thursday {"07:00" "18:00"}
        Friday {}
        Saturday {}
    }
}
 
when HTTP_REQUEST {
    set now [clock seconds]
    set current_day [clock format $now -format {%A}]
    set start [lindex $static::timerange($current_day) 0]
    set end [lindex $static::timerange($current_day) 1]
    if {($start ne "") && ($end ne "") && ($now >= [clock scan $start]) && ($now < [clock scan $end])} {
        set denied 0
    } else {set denied 1}
    unset start end
 
    if { $denied } {
        HTTP::respond 200 content "<html><head><title>Not Authorised! Contact Administrator</title></head><body>Not Authorised! Contact Administrator...</body></html>"
    } else {pool POOL_443}
    unset denied
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 10, 2019

    try this:

    when RULE_INIT {
    array set static::timerange {
        Sunday {"07:00" "18:00"}
        Monday {"07:00" "18:00"}
        Tuesday {"07:00" "18:00"}
        Wednesday {"07:00" "18:00"}
        Thursday {"07:00" "18:00"}
        Friday {}
        Saturday {}
    }
}
 
when HTTP_REQUEST {
    set now [clock seconds]
    set current_day [clock format $now -format {%A}]
    set start [lindex $static::timerange($current_day) 0]
    set end [lindex $static::timerange($current_day) 1]
    if {($start ne "") && ($end ne "") && ($now >= [clock scan $start]) && ($now < [clock scan $end])} {
        set denied 0
    } else {set denied 1}
    unset start end
 
    if { $denied } {
        HTTP::respond 200 content "<html><head><title>Not Authorised! Contact Administrator</title></head><body>Not Authorised! Contact Administrator...</body></html>"
    } else {pool POOL_443}
    unset denied
}
    • bsm1970's avatar
      bsm1970
      Icon for Nimbostratus rankNimbostratus
      Sep 10, 2019

      This seems to work well. Thanks to both of you for the quick replies!

  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2019

    Hi Guy,

    Use this iRule:

    when CLIENT_ACCEPTED { 
	set start_time "0700"
	set end_time "1800"
	set day "Saturday Sunday"
	set dayTime [split [clock format [clock seconds] -format {%A %H %M}] " "]
	set cur_day [lindex $dayTime 0] 
	set cur_time [expr [expr {[lindex $dayTime 1] *100}] + [lindex $dayTime 2]]
	if { ($day contains $cur_day) || ($cur_time < $start_time) || ($cur_time > $end_time) } {
		#drop it
		drop
	}
}
    • bsm1970's avatar
      bsm1970
      Icon for Nimbostratus rankNimbostratus
      Sep 10, 2019

      Help me understand this. Because it looks like you're telling it to allow traffic from 7am to 6pm on Saturday and Sunday, but maybe I'm reading it wrong.

      • Faruk_AYDIN's avatar
        Faruk_AYDIN
        Icon for Nimbostratus rankNimbostratus
        Sep 10, 2019

        the logic of if clause has a bit tricky. It is the simplest way.