Forum Discussion

Nimbostratus

Dec 05, 2011

security irule per domain

hello, i have a server that serves two domains. lets say that the domain names are DomainA.com and DomainB.com i want to build a security irule so that: 1. admins from certain...

Nimbostratus

Dec 05, 2011

Hi bezeqint,

One way to do it would be to use Data Groups (Classes). Something like this:

 
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*domaina.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
elseif { [HTTP::uri] contains "/database*" } {
HTTP::redirect "/"
}
}
"domainb.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
else {
reject
}
}
}
}

Create a Data Group that contains the allowed IP Addresses (or Subnets / Networks).

Hope this helps.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

security irule per domain

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Bot Defense causing a lot of false positives

Recommendation for Adv. Lab

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

Quarterly Security Notification October 2025

Route Domains

Avoiding Common iRules Security Pitfalls

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

iRule to modify a content-security-policy header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS