F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

bezeqint's avatar
bezeqint
Icon for Nimbostratus rankNimbostratus
Dec 05, 2011

security irule per domain

hello,

 

 

i have a server that serves two domains.

 

lets say that the domain names are DomainA.com and DomainB.com

 

i want to build a security irule so that:

 

1. admins from certain IP's or networks will have unlimited access

 

2. public access to DomainA.com is allowed

 

3. certain paths (ie /database/) is blocked for public access on DomainA.com

 

4. public access to DomainB.com is forbidden (admin not included as mentioned in section 1)

 

 

thanks,

 

arnon
application delivery
dev
devops
iRules

2 Replies

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Dec 05, 2011
    Hi bezeqint,

    One way to do it would be to use Data Groups (Classes). Something like this: 

     
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*domaina.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
elseif { [HTTP::uri] contains "/database*" } {
HTTP::redirect "/"
}
}
"domainb.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
else {
reject
}
}
}
}

    Create a Data Group that contains the allowed IP Addresses (or Subnets / Networks).

    Hope this helps.