Forum Discussion
Stephane_87808
Nimbostratus
NimbostratusRestriction on IP source AND uri dest
Hello
I need to limit the access to some specific uri containing /wps/wcm/.*connect/iww_. to 10.0.0.0/8 ip range : except this specif web pages on Pool_WCM_Rendering_HTTP, all the website has to be accessible by anybody whatever his source ip.
for the time being, I'am using the following irule :
when HTTP_REQUEST {
if {[HTTP::host] equals "wcm.bureauveritas.com"} {
pool Pool_WCM_Authoring_HTTP
} else {
pool Pool_WCM_Rendering_HTTP
}
}
and I try now to implement something like :
when HTTP_REQUEST {
if {[HTTP::host] equals "wcm.bureauveritas.com"} {
pool Pool_WCM_Authoring_HTTP
} elseif { not [IP::addr [IP::client_addr] 10.0.0.0/8 ] AND [HTTP::uri] contains "/wps/wcm/.*connect/iww_.*" } {
reject
}
else {
pool Pool_WCM_Rendering_HTTP
}
}
but the syntax is not correct : could you help me finding the correct syntaxt ? Is the best approach to filter as requested ?
Thanks
Stephane Creuze
2 Replies
MarketCrash_746Stephane,
I am not positive this is what you want, but this iRule should look for the extra wcm.bureauveritas.com, your regular expression, and the internal IP address range. If all are true, then it will apply the rendering pool. Elsewise, if it sees wcm.bureaveritas.com and nothing else it will send it down the other pool.
when HTTP_REQUEST {
if {[HTTP::host] equals "wcm.bureauveritas.com"} {
[IP::client_addr] 10.0.0.0/8 ] AND [HTTP::uri] contains "/wps/wcm/.*connect/iww_.*" } {
pool Pool_WCM_Rendering_HTTP
} else {
pool Pool_WCM_Authoring_HTTP
}
}
Thanks,
-Andrew- nitass
Employee
besides regex, you may use this string match.
string match -nocase "/wps/wcm/*connect/iww_*" [HTTP::uri]
just my 2c.
