Forum Discussion

Anis_Bhambhani's avatar
Anis_Bhambhani
Icon for Nimbostratus rankNimbostratus
Jun 04, 2020

Reverse Proxy iRule to restrict the access on IP

Hi,

I have a Virtual Server setup with SSL (client and Server) Profile.

 

Virtual Server : https://abc.com

 

There is an extension to this URL for a specific application https://abc.com/iauth-token. I want to setup a reverse proxy setup where

 

From ANY to https://abc.com - Allow

From 1.1.1.1/32 to https://abc.com/iauth-token - Allow

From ANY to https://abc.com/iauth-token - DENY.

 

Is that possible with URI based restriction with iRule and how can that be done?

 

 

 

 

  • Hello,

     

    First create one DataGroup list of IP addresses to be allowed and map it under Below iRule.

     

    when HTTP_REQUEST {

    if {[HTTP::uri] eq "/iauthtoken"} 

    {

    if {not ([class match [IP::client_addr] equals Allow-List])} {

    HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close

    TCP::close

    }

    }

    }

     

    Above iRule will allow access to mentioned URI from addresses which are part of Allow-List data group. Rest traffic should work w/o any issue.

     

    Hope it works!

    Mayur