For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tacobell_112236's avatar
tacobell_112236
Icon for Nimbostratus rankNimbostratus
Dec 08, 2010

URL access based on IP\LDAP

Im new to F5 ASM so I apologize for my ignorance in advance. Is it possible to create an IRule to allow access to a webpage based on IP adresses and\ or LDAP group?

 

 

I see this as an example but not sure how to add multiple IP addresses and I dont want a redirect. Any help is appreciated.

 

 

 

 

 

when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/admin") and ([matchclass [IP::remote_addr] equals $$IPAddressDataGroup]) } { HTTP::redirect "https://foo.com/admin/index/index/" } else { HTTP::redirect "https://foo.com/login/index/login/" } }

 

application delivery
dev
devops
iRules

11 Replies

Show More
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 27, 2010
    This is what I was thinking of for your second scenario of an IP and multiple URI checks: 

    
when CLIENT_ACCEPTED {
    Look up client IP once per TCP connection
   if { [matchclass [IP::client_addr] equals IPAddressDataGroup] }{
      set matched_ip 1
   } else {
      set matched_ip 0
   }
}
when HTTP_REQUEST {
    If we had a match on the client IP, check the requested URI with wildcards
   if {$matched_ip==1}{
      switch -glob [HTTP::uri] {
         "/adstructure*" -
         "/CiteCode*" -
         "/jsp/funsite*" {
             IP and URI check were both true, so redirect client to custom URL
            HTTP::redirect "https://www.xxx.com/adstructure/xxx/login.jsp/index/index/"
             Exit this event in this iRule
            return
         }
      }
   }
    If we haven't exited this event already, send a default redirect
   HTTP::redirect "https://www.xxx.com/"
}

    Aaron