Forum Discussion
ngaze_66812
Nimbostratus
Sep 14, 2011
URL restrictions for public and class
What I'm attempting to do with the below iRule (and struggling to accomplish) is to allow public addresses to connect to the servers after coming in with a /home request, but then to restrict access to certain networks when requesting /web-services. All other requests should be getting rejected. I've been tweaking this rule trying to get it to work for quite a while and after applying it in its current state it is still allowing access to /*. Any help on this is appreciated.
when HTTP_REQUEST {
    if {[HTTP::uri] contains "/home" } {
        pool server_pool
    }
    elseif {[HTTP::uri] contains "/web-services"} {
        if {[matchclass [IP::client_addr] equals allowed_networks] }{
            pool server_pool
        }
        else {
            reject
        }
    }
    else {
        reject
    }
}
1 Reply
- Michael_Yates
Nimbostratus
Hi ngaze,
I am making a few assumptions, so correct me if I am wrong. I am assuming that your URI starts with /home or /web-services for the comparisons that you are looking to qualify for.
I am also assuming that you are on v10.x.x because of the way that you listed your class ("allowed_networks") in your iRule, so I changed the "matchclass" to "class match". If you are still on v9.x.x you will need to switch it back to "matchclass".
Try this and see if it works for you.
when HTTP_REQUEST {
    # Compare the lowercased URI against anchored glob patterns
    switch -glob [string tolower [HTTP::uri]] {
        "/home*" {
            pool server_pool
        }
        "/web-services*" {
            if { [class match [IP::client_addr] equals allowed_networks] } {
                pool server_pool
            } else {
                # Client is not in allowed_networks
                reject
            }
        }
        default {
            reject
        }
    }
}
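An added example, not part of either post and not iRule code: a Python model of the two matching styles in this thread (the `contains` test from the question and the lowercased `switch -glob` from the reply), run over constructed URIs and client addresses. The networks in ALLOWED_NETWORKS are assumed stand-ins for the allowed_networks class, and both functions reject a /web-services client outside that class, as the question's rule intends.

```python
import fnmatch
import ipaddress

# Constructed stand-in for the "allowed_networks" class (documentation ranges).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def client_allowed(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_NETWORKS)

def decide_contains(uri, addr):
    """Case-sensitive substring test, modelling the 'contains' operator."""
    if "/home" in uri:
        return "pool"
    if "/web-services" in uri:
        return "pool" if client_allowed(addr) else "reject"
    return "reject"

def decide_glob(uri, addr):
    """Anchored patterns on the lowercased URI, modelling 'switch -glob'.
    fnmatch and Tcl glob agree for these simple 'prefix*' patterns."""
    uri = uri.lower()
    if fnmatch.fnmatchcase(uri, "/home*"):
        return "pool"
    if fnmatch.fnmatchcase(uri, "/web-services*"):
        return "pool" if client_allowed(addr) else "reject"
    return "reject"

# Constructed test matrix: (URI including query string, client address).
CASES = [
    ("/home/index.html", "203.0.113.7"),    # public client, public path
    ("/web-services/api", "192.0.2.10"),    # client inside the class
    ("/web-services/api", "203.0.113.7"),   # client outside the class
    ("/Web-Services/api", "192.0.2.10"),    # mixed-case path
    ("/admin", "203.0.113.7"),              # path outside the policy
    ("/admin?next=/home", "203.0.113.7"),   # "/home" appears only in the query
    ("/homepage-old", "203.0.113.7"),       # shares the "/home" prefix
]

def compare():
    """Return (uri, client, contains_decision, glob_decision) for every case."""
    return [(u, a, decide_contains(u, a), decide_glob(u, a)) for u, a in CASES]

if __name__ == "__main__":
    for row in compare():
        print("%-22s %-13s contains=%-6s glob=%-6s" % row)
```

The rows where the two columns differ are the ones to replay against the virtual server after any change to the rule; note that "/home*" is still a prefix match, so "/homepage-old" is admitted by both styles.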