security irule per domain

Question

hello,&nbsp;
&nbsp;i have a server that serves two domains.
&nbsp;lets say that the domain names are DomainA.com and DomainB.com
&nbsp;i want to build a security irule so that:
&nbsp;1. admins from certain IP's or networks will have unlimited access
&nbsp;2. public access to DomainA.com is allowed
&nbsp;3. certain paths (ie /database/) is blocked for public access on DomainA.com
&nbsp;4. public access to DomainB.com is forbidden (admin not included as mentioned in section 1)&nbsp;
&nbsp;thanks,
&nbsp;arnon

michael_yates · Answer

Hi bezeqint, 
  
 One way to do it would be to use Data Groups (Classes).  Something like this:

when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*domaina.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
elseif { [HTTP::uri] contains "/database*" } {
HTTP::redirect "/"
}
}
"domainb.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
else {
reject
}
}
}
}

Create a Data Group that contains the allowed IP Addresses (or Subnets / Networks). 
  
 Hope this helps.

bezeqint · Answer

thanks!

Forum Discussion

security irule per domain

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Blocking domains

owa iapp assign irule

iRULE regsub error

Redirect domain apex to www, retain URL/protocol

iRule assistance for subfolder redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS