Forum Discussion

Nimbostratus

Feb 01, 2016

Source:IP filter irule

Hi Guys, Just new to F5 and currently facing some difficulties on irules. Kindly help me on irule for below requirement. 11.5 version **URL main page can be accesed by anyone from the inter...

MVP

Feb 01, 2016

Hi Oninicus,

its also possible to use [class match] for the IP comparsion. But keep in mind, that [class match] requires LTM data-groups to store the allowed IP adresses / subnets.

The [class match] code would look like this...

Datagroup:

ltm data-group internal YOUR_DATA_GROUP {
    records {
        116.213.0.0/16 { }
        141.113.128.0/19 { }
    }
    type ip
}

iRule:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] eq "/login" } then {
        if { [class match [IP::client_addr] equals YOUR_DATA_GROUP] } then {
             Let the request pass...
        } else {
            HTTP::respond 403 content "Access Denied"
        }        
    } else {
         Let the request pass...   
    }
}

Cheers, Kai

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Source:IP filter irule

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Ansible bigip_device_facts - Filter Output

Filter request irule

irule ports

Packet filter can't filter proxypass is there any other way to filter traffic?

Filtering unused External SP Connectors

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS