Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

Question

I would like to know how to setup a irule to meet below requirement:

if source ip equal to '1.2.3.4'
allow access to "https://abc/def" only (abc is virtual server, def is data group mapping content on virtual server)
and block other access, not allow to access to "https://abc/XXX" (XXX for others mappings)

thank you.

dario_garrido · Answer

Hello Doi.Try this -&gt;when HTTP_REQUEST {
	# reject user if source IP is not 1.2.3.4 and first path value is not included in DATAGROUP
	if { ([class match [getfield [string tolower [HTTP::path]] "/" 0] neq DATAGROUP]) || ([IP::addr [IP::client_addr] neq 1.2.3.4]) } {
		reject
	}
}Regards,Dario.

Forum Discussion

Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

BIG-IP Next: iRules pool routing

Decrypting BIG-IP Packet Captures without iRules

iRules variables in BIG-IP Next: behavior change

Happy 20th Birthday, BIG-IP TMOS!

Help F5 Transform the BIG-IP Administrator Certification

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS