Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Nolan_Jensen's avatar
Nolan_Jensen
Icon for Cirrostratus rankCirrostratus
Sep 24, 2019

Source IP and http path restriction via irule or LTM policy

I am trying to figure out the best way to accomplish the below scenario so any help you can provide would be greatly appreciated.     I would like to be able to allow and block certain IP's and htt...
application delivery
irules
LTM
LTM Policies
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Sep 24, 2019

Hi Nolan Jensen,

Only rule2 is enough. I think, wildcard characters not working in policy. I'm not sure. You can use "starts with" instead of "is", and remove wildcard (*).

iRule:

when HTTP_REQUEST {
	if { not ([class match [IP::client_addr] equals nolan_test]) } {
		switch -glob [string tolower [HTTP::uri]] {
			"/maintenancepagedev/swagger/*" -
			"/maintenancepagedev/api/remove/*" -
			"/maintenancepagedev/api/update/*" -
			"/maintenancepagedev/api/set/*" -
			"/treecoupondev/*" {
				# log local0. "Uri: [HTTP::uri] ClientIP: [IP::client_addr]"
				reject
			}
			default {
				# log local0. "Uri: [HTTP::uri] ClientIP: [IP::client_addr]"
			}
		}
	}
}