d_feike_266546
May 10, 2017, Nimbostratus
restrict uri path for any IP except defined subnets
Hi guys,
I am working on a pretty simple iRule, but it works the opposite of what I intended. I want to limit access to a URI to internal subnets, and any external connection from the internet shall not have access. Can someone point me in the right direction?
    when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] contains "/home/status" } {
            if { not ( ( [IP::addr [IP::client_addr] equals 172.30.31.32/27] ) or
                       ( [IP::addr [IP::client_addr] equals 10.100.0.0/14] ) or
                       ( [IP::addr [IP::client_addr] equals 10.99.0.0/16] ) or
                       ( [IP::addr [IP::client_addr] equals 192.168.21.0/24] ) or
                       ( [IP::addr [IP::client_addr] equals 192.168.129.0/24] ) or
                       ( [IP::addr [IP::client_addr] equals 192.168.130.0/24] ) or
                       ( [IP::addr [IP::client_addr] equals 10.85.17.157/32] ) or
                       ( [IP::addr [IP::client_addr] equals 10.204.0.0/15] ) or
                       ( [IP::addr [IP::client_addr] equals 10.200.0.0/14] ) or
                       ( [IP::addr [IP::client_addr] equals 10.192.0.0/13] ) or
                       ( [IP::addr [IP::client_addr] equals 10.128.0.0/10] ) or
                       ( [IP::addr [IP::client_addr] equals 10.99.0.0/16] ) or
                       ( [IP::addr [IP::client_addr] equals 10.104.0.0/13] ) or
                       ( [IP::addr [IP::client_addr] equals 10.112.0.0/12] ) or
                       ( [IP::addr [IP::client_addr] equals 10.101.0.0/16] ) ) } {
                log local0. "Client Source IP: [IP::client_addr]:[TCP::client_port]" } {
                discard
            }
        }
    }
Thanks in advance,
David
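
An added example, not part of the original post: in Tcl, `if {cond} {A} {B}` treats `B` as the else branch, so the `} {` after the `log` line in the posted rule makes `discard` run for clients inside the listed subnets and only logs everyone else. The variant below keeps `log` and `discard` in the same body; the variable names `allowed_nets` and `allowed` are assumptions of this sketch, and the subnets are the ones from the post.

```tcl
when HTTP_REQUEST {
    # Only the protected path is subject to the source-address check.
    if { [string tolower [HTTP::path]] contains "/home/status" } {

        # Subnets taken from the post (the duplicate 10.99.0.0/16 is listed once).
        set allowed_nets {
            172.30.31.32/27
            10.100.0.0/14
            10.99.0.0/16
            192.168.21.0/24
            192.168.129.0/24
            192.168.130.0/24
            10.85.17.157/32
            10.204.0.0/15
            10.200.0.0/14
            10.192.0.0/13
            10.128.0.0/10
            10.104.0.0/13
            10.112.0.0/12
            10.101.0.0/16
        }

        # Default deny: the client is allowed only if some subnet matches.
        set allowed 0
        foreach net $allowed_nets {
            if { [IP::addr [IP::client_addr] equals $net] } {
                set allowed 1
                break
            }
        }

        # Log and drop in ONE body, so there is no accidental else branch.
        if { not $allowed } {
            log local0. "Denied [HTTP::path] for [IP::client_addr]:[TCP::client_port]"
            discard
        }
    }
}
```

On a BIG-IP with many subnets, an address-type data group checked with `class match [IP::client_addr] equals <data group>` is the usual alternative to an inline list.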