For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

doi_dsat's avatar
doi_dsat
Icon for Nimbostratus rankNimbostratus
Jul 15, 2020

Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

I would like to know how to setup a irule to meet below requirement: if source ip equal to '1.2.3.4' allow access to "https://abc/def" only (abc is virtual server, def is data group mapping conten...
BIG-IP
devops
iRules
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Jul 15, 2020

Hello Doi.

Try this ->

when HTTP_REQUEST {
	# reject user if source IP is not 1.2.3.4 and first path value is not included in DATAGROUP
	if { ([class match [getfield [string tolower [HTTP::path]] "/" 0] neq DATAGROUP]) || ([IP::addr [IP::client_addr] neq 1.2.3.4]) } {
		reject
	}
}

Regards,

Dario.