Forum Discussion
Eric_Frankenfie
Nimbostratus
NimbostratusRestricting Access to URI Based on IP Address
Is there a way for an iRule to restrict access to an URI based on IP address?
I would like UNRESTRICTED access to:
https://qa.ipcws.fiserv.com
I would like to RESTRICT access by IP address to:
https...
Lornz_118797Nimbostratus
NimbostratusI'm trying to do similar, with (I think) an understanding that f5 recommends not using data groups in a multiprocessor system. So I'm trying to do this:
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/healthcheck" {
if { not (([IP::client_addr] equals 10.0.0.0/8) || ([IP::client_addr] equals 172.16.0.0/12) || ([IP::client_addr] equals 192.168.0.0/24)) } {
HTTP::respond 403 content {Blocked!}
}
}
}
}
BigIP is protesting with this though:
01070151:3: Rule [block_public_healthcheck] error: line 4: [parse error: PARSE syntax 128 {syntax error in expression " not (([IP::client_addr] equals 10.0.0.0/8) || ([IP::client_...": looking for close parenthesis}] [{ not (([IP::client_addr] equals 10.0.0.0/8) || ([IP::client_addr] equals 172.16.0.0/12) || ([IP::client_addr] equals 192.168.0.0/24)) }]
and I can't tell if it's because I'm actually using incorrect language, as I'm not seeing a missed close paren. Thanks!
