Forum Discussion
hooleylist
Jan 26, 2012Cirrostratus
Hi Pankaj,
You can try to implement this type of logic in an iRule, but it may be simple to bypass:
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30900
That said, here is an example that could provide some protection. First, create an address data group containing the hosts and networks which can access /bac*. Then use an iRule like this which references a data group named allowed_hosts_dg:
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::path]] {
"/bac*" {
if {not [class match [IP::client_addr] equals allowed_hosts_dg]}{
HTTP::respond 403 content {Blocked!}
}
}
}
}
Aaron