For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tacobell_112236's avatar
tacobell_112236
Icon for Nimbostratus rankNimbostratus
Dec 08, 2010

URL access based on IP\LDAP

Im new to F5 ASM so I apologize for my ignorance in advance. Is it possible to create an IRule to allow access to a webpage based on IP adresses and\ or LDAP group?     I see this as an exam...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 27, 2010
This is what I was thinking of for your second scenario of an IP and multiple URI checks: 


when CLIENT_ACCEPTED {
    Look up client IP once per TCP connection
   if { [matchclass [IP::client_addr] equals IPAddressDataGroup] }{
      set matched_ip 1
   } else {
      set matched_ip 0
   }
}
when HTTP_REQUEST {
    If we had a match on the client IP, check the requested URI with wildcards
   if {$matched_ip==1}{
      switch -glob [HTTP::uri] {
         "/adstructure*" -
         "/CiteCode*" -
         "/jsp/funsite*" {
             IP and URI check were both true, so redirect client to custom URL
            HTTP::redirect "https://www.xxx.com/adstructure/xxx/login.jsp/index/index/"
             Exit this event in this iRule
            return
         }
      }
   }
    If we haven't exited this event already, send a default redirect
   HTTP::redirect "https://www.xxx.com/"
}

Aaron