For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

netw's avatar
netw
Icon for Nimbostratus rankNimbostratus
Nov 23, 2023

specific internet source IP & internal IP allow

Hello, 1. we have requirement to allow specific 4 public source IP along with private internal IP's to access  specific URI path.  example: specific URI/path https://xyz.com/function/party/functi...
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Nov 25, 2023

Hi netw,

this iRule should do. With or without ASM.

 

 

when HTTP_REQUEST priority 500 {
    set content "<html>
                    <head>
                        <title>Go away!</title>
                    </head>
                    <body>
                        <h1>Go away!</h1>
                        <p>This page is for authorized users only.</p>
                    </body>
                </html>"
    if { ([HTTP::host] eq "hostname.xyz.com") and ([HTTP::uri] starts_with "/function/party/function-engine/v2/fuction/events-messages") } {
        switch -glob -- [class match [IP::client_addr] eq dg_allowed_ipaddress] {
            "1" {
                return
            }
            default {
                HTTP::respond 403 -version auto content $content noserver
            }
        }
    } else {
        return
    }
    unset -- content
}

 

 

You need a datagroup of the type Address, in this iRule called dg_allowed_ipaddress.

KR
Daniel