Forum Discussion
Yozzer
Nimbostratus
NimbostratusUsername and IP restricted login
Hi
I want to restrict access to a website login page so that it can only be accessed by certain usernames (e.g User1-Ops, User2-Ops, etc) and only if they access from a list of allowed IP addresses.
Does anyone have any examples of what im looking for?
thanks
- Hi Youzzer,
I wrote a Tech Tip on an HTTP basic access authentication iRule a while back. You can add a second datagroup for username/IP address pretty easily. Here's the Tech Tip:
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086387/HTTP-Basic-Access-Authentication-iRule-Style.aspx
-George 
Yozzerwould this work?
when HTTP_REQUEST {
if {([HTTP::method] eq "POST") && ([HTTP::uri] eq "/login.aspx") && (![matchclass [IP::client_addr] equals $::trustedAddresses])} {
HTTP::collect [HTTP::header "Content-Length"]
}
}
when HTTP_REQUEST_DATA {
set sema "no"
switch -glob [URI::decode [URI::query "?[HTTP::payload]" username]] {
"*-Ops*" {
set sema "yes"
}
}
if { $sema == "yes"} {
HTTP::respond 200 content {
HTML page settings to show the following text:
You can’t login from your current location.
}
}
}- YozzerThis works fine although i want to prevent case problems with the username. How can i use [string tolower] with the above example for the username?
Any ideas?
Thanks - switch -glob [string tolower [URI::decode [URI::query "?[HTTP::payload]" username]]] {
- YozzerThanks John, that worked.
