Forum Discussion
Source:IP filter irule
Hi Guys,
Just new to F5 and currently facing some difficulties on irules. Kindly help me on irule for below requirement.
11.5 version
* URL main page can be accessed by anyone from the internet (any)
* Same URL can only be accessed by specific subnets (source: 116.213.0.0/16 and 141.113.128.0/19) if URI is /login
Hi Oninicus,
you may try this iRule snippet as a starting point...
    when HTTP_REQUEST {
        # Exact, case-insensitive match on the full URI (path plus any query string)
        if { [string tolower [HTTP::uri]] eq "/login" } then {
            # Compare the client source address against the two allowed subnets
            if { ([IP::addr [IP::client_addr] equals 116.213.0.0/16]) or ([IP::addr [IP::client_addr] equals 141.113.128.0/19]) } then {
                # Let the request pass...
            } else {
                HTTP::respond 403 content "Access Denied"
            }
        } else {
            # Let the request pass...
        }
    }
Cheers, Kai
Hi Oninicus,
It's also possible to use [class match] for the IP comparison. But keep in mind that [class match] requires LTM data-groups to store the allowed IP addresses / subnets.
The [class match] code would look like this...
Datagroup:
    ltm data-group internal YOUR_DATA_GROUP {
        records {
            116.213.0.0/16 { }
            141.113.128.0/19 { }
        }
        type ip
    }
iRule:
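    when HTTP_REQUEST {
        # Exact, case-insensitive match on the full URI (path plus any query string)
        if { [string tolower [HTTP::uri]] eq "/login" } then {
            # Look up the client source address in the IP data-group
            if { [class match [IP::client_addr] equals YOUR_DATA_GROUP] } then {
                # Let the request pass...
            } else {
                HTTP::respond 403 content "Access Denied"
            }
        } else {
            # Let the request pass...
        }
    }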
Cheers, Kai
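A variant of the data-group rule above, added here as an example and not part of the replies in this thread: it compares the decoded path instead of the full URI, so a request such as /login?next=/ or /login/ is still restricted, and it logs each denial. It assumes the YOUR_DATA_GROUP data-group shown above; the log facility and the extra response header are choices made for this example.

```tcl
# Added example, not code from the thread.
# Assumes the IP data-group YOUR_DATA_GROUP from the reply above exists.
when HTTP_REQUEST {
    # HTTP::path excludes the query string; URI::decode resolves
    # percent-encoding so the comparison is made on the decoded path.
    set path [string tolower [URI::decode [HTTP::path]]]

    # Restrict /login itself and anything beneath it (/login/, /login/step2),
    # but not unrelated paths that only share the prefix (/loginhelp).
    if { ($path eq "/login") or ($path starts_with "/login/") } {
        if { [class match [IP::client_addr] equals YOUR_DATA_GROUP] } {
            # Source address is inside an allowed subnet: let the request pass.
            return
        }
        # Record the denial so blocked attempts show up in /var/log/ltm.
        log local0.warning "login denied: client=[IP::client_addr] host=[HTTP::host] path=[HTTP::path]"
        HTTP::respond 403 content "Access Denied" "Content-Type" "text/plain"
        return
    }
    # Every other path stays open to any source address.
}
```

IP::client_addr is the address of the TCP peer as seen by the virtual server, so if a proxy or NAT device sits in front of the BIG-IP the rule evaluates that device's address and not the end user's.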