Forum Discussion
Dear All,
I have tried below iRule with the intension to access specific URI (testapi.apsx) from specific IP which is part of testapiAllowList datagroup , however when I am trying to access URI (testapi.aspx), it is still accessible from the IP which is not part of testapiAllowList datagroup
======================= when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/testapi.aspx" } { if { !([matchclass [IP::client_addr] equals testapiAllowList])} { discard }
==========
As per my understanding, if I am not part of testapiAllowList datagroup, I should not able to access URI "/tetsapi.aspx"
Kindly correct me if I am wrong
The logic here seems sound. What does your data group look like?
Maybe add some logging to see what's going on.
when HTTP_REQUEST {
if { [string tolower [HTTP::path]] contains "/testapi.aspx" } {
if { !([matchclass [IP::client_addr] equals testapiAllowList]) } {
log local0. "discarding"
discard
} else {
log local0. "allowing"
}
} else {
log local0. "something else"
}
}