Forum Discussion

Joe_Gorman_4645's avatar
Joe_Gorman_4645
Icon for Nimbostratus rankNimbostratus
Mar 05, 2012

Restriction of access to URI by IP

So I'm needing to restrict access to 4 URIs by IP Address. I have created the following iRule and Datagroup. At this time, it works for the first URI in the list, but returns a 404 error for the rest ...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Mar 05, 2012
Hi Joe,

Are you sure about the 404? The iRule should either send a 403 or send the request to the VS default pool. I don't see how LTM could cause a 404 here either by rewriting the request or selecting the wrong pool.

Though you are missing a space between matchclass and the client IP in the last three switch cases. That should cause a runtime TCL error and TCP reset being sent to the client.

Also, you could combine the four URIs into one switch action like this: 

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::path]] {
        "/grda*" -
        "/grsupport*" -
        "/grreg*" -
        "/grrt*" {
            if {not [matchclass [IP::client_addr] equals grs_access]}{
                HTTP::respond 403 content {Blocked!}
            }
        }
    }
}

Aaron