Forum Discussion

Nimbostratus

Dec 05, 2011

security irule per domain

hello, i have a server that serves two domains. lets say that the domain names are DomainA.com and DomainB.com i want to build a security irule so that: 1. admins from certain...

Nimbostratus

Dec 05, 2011

Hi bezeqint,

One way to do it would be to use Data Groups (Classes). Something like this:

 
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*domaina.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
elseif { [HTTP::uri] contains "/database*" } {
HTTP::redirect "/"
}
}
"domainb.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
else {
reject
}
}
}
}

Create a Data Group that contains the allowed IP Addresses (or Subnets / Networks).

Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

security irule per domain

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Applicaton security logs stopped

Security Advisory Status

Cannot get domain in iRule after APM logon page

Issue creating static route in Route Domain

About the number of Route Domains

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS