Forum Discussion

Pankaj_70057's avatar
Pankaj_70057
Icon for Nimbostratus rankNimbostratus
Jan 26, 2012

To block some specific traffic from F5 for specific virtual directory

Here is the our requirement so if possible can you send me actual iRule to fulfill this requirement. Site: https://www.xyz.com/bac Allowed below host: 174.26.53.0/24 172.56.36.2 175.63.54.0/24 Block: ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 27, 2012
Which LTM version are you on? You can check in the GUI under System | General Properties | Version. If you're on 9.4.4 or higher, you can use this

9.4.4 - 9.4.8


when HTTP_REQUEST {
     Check the requested path set to lower case
    switch -glob [string tolower [HTTP::path]] {
        "/bac*" {
             Path started with /bac so check if client IP is in the allowed_hosts_dg data group
            if {not [matchclass [IP::client_addr] equals allowed_hosts_dg]}{
                 Send a 403 unauthorized response
                HTTP::respond 403 content {Blocked!}
                 Or you could reset the TCP connection
                reject
            }
        }
    }
}

9.4.3 and lower


when HTTP_REQUEST {
     Check the requested path set to lower case
    switch -glob [string tolower [HTTP::path]] {
        "/bac*" {
             Path started with /bac so check if client IP is in the allowed_hosts_dg data group
            if {not [matchclass [IP::client_addr] equals $::allowed_hosts_dg]}{
                 Send a 403 unauthorized response
                HTTP::respond 403 content {Blocked!}
                 Or you could reset the TCP connection
                reject
            }
        }
    }
}

Aaron