F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Pankaj_70057's avatar
Pankaj_70057
Icon for Nimbostratus rankNimbostratus
Jan 26, 2012

To block some specific traffic from F5 for specific virtual directory

Here is the our requirement so if possible can you send me actual iRule to fulfill this requirement. Site: https://www.xyz.com/bac Allowed below host: 174.26.53.0/24 172.56.36.2 175.63.54.0/24 Block: ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 26, 2012
Hi Pankaj,

You can try to implement this type of logic in an iRule, but it may be simple to bypass:

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30900

That said, here is an example that could provide some protection. First, create an address data group containing the hosts and networks which can access /bac*. Then use an iRule like this which references a data group named allowed_hosts_dg: 


when HTTP_REQUEST {

switch -glob [string tolower [HTTP::path]] {
"/bac*" {
if {not [class match [IP::client_addr] equals allowed_hosts_dg]}{
HTTP::respond 403 content {Blocked!}
}
}
}
}

Aaron