For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andrea_361's avatar
Andrea_361
Icon for Nimbostratus rankNimbostratus
Oct 22, 2009

URI access restricted to ip subnet

hi people,   I have F5 running version 9.4.7 , I try to implement iRule in order to limit access to defined URI only to internal subnet, but i'm unable to obtain the correct result, the URI is al...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 22, 2009
Is the datagroup defined as a type 'address'? Can you add more logging to the iRule and retest? 

 
 when HTTP_REQUEST { 
  
    log local0. "[IP::client_addr]:[TCP::local_port]: New [HTTP::method] request to [HTTP::host][HTTP::uri]" 
  
    if { [HTTP::uri] starts_with "/cms/" }{ 
  
       log local0. "[IP::client_addr]:[TCP::local_port]: Matched URI check.  Class contents: $::Agusta_internal" 
  
       if {not [matchclass [IP::client_addr] equals $::Agusta_internal]} { 
  
          log local0. "[IP::client_addr]:[TCP::local_port]: Matched IP check. Discarding request to [HTTP::uri]" 
          drop 
       } 
    } 
 }

Aaron